Kristoffer Dalby f3eb9a7bba templates: escape query value in ping page ...

elem-go does not escape attribute values, so the raw query reaches
the rendered HTML verbatim. Pre-escape with html.EscapeString to prevent
reflected XSS.

Updates #3157

2026-04-17 16:31:49 +01:00

..

apple.go

hscontrol/templates: refactor to use CSS classes and embedded files

2025-11-12 08:28:12 -06:00

auth_error.go

templates: add error box component and error page template

2026-04-13 17:23:47 +01:00

auth_success.go

templates: generalise auth templates for web and OIDC

2026-02-25 21:28:05 +01:00

auth_web.go

templates: generalise auth templates for web and OIDC

2026-02-25 21:28:05 +01:00

design.go

templates: add detailsBox collapsible component

2026-04-15 10:53:35 +01:00

general.go

templates: use CSS variables in all shared components

2026-04-13 17:23:47 +01:00

ping_test.go

templates: escape query value in ping page

2026-04-17 16:31:49 +01:00

ping.go

templates: escape query value in ping page

2026-04-17 16:31:49 +01:00

register_confirm.go

templates: use table layout for registration confirm details

2026-04-13 17:23:47 +01:00

windows.go

hscontrol/templates: refactor to use CSS classes and embedded files

2025-11-12 08:28:12 -06:00