From 0503316f831e6a338d5c84e9b5ddba08cce94ba7 Mon Sep 17 00:00:00 2001
From: Flavio Heleno <flaviohbatista@gmail.com>
Date: Mon, 28 Nov 2022 11:18:36 -0300
Subject: [PATCH] Add a few more template html escapes

---
 resources/views/package/listVersions.twig | 2 +-
 resources/views/package/viewVersion.twig  | 4 ++--
 resources/views/vendor/listPackages.twig  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/resources/views/package/listVersions.twig b/resources/views/package/listVersions.twig
index 514b6033..84afef4c 100644
--- a/resources/views/package/listVersions.twig
+++ b/resources/views/package/listVersions.twig
@@ -2,7 +2,7 @@
 
 {% block title %}Releases of "{{ package.name }}" - PHP.Package.Health{% endblock %}
 
-{% block description %}List of {{ tagged | length }} tagged releases and {{  develop | length }} development branches of package {{ package.name }}{% endblock %}
+{% block description %}List of {{ tagged | length }} tagged releases and {{ develop | length }} development branches of package {{ package.name }}{% endblock %}
 
 {% block hero_type %}is-info{% endblock %}
 
diff --git a/resources/views/package/viewVersion.twig b/resources/views/package/viewVersion.twig
index 568c3c93..c9ea9e81 100644
--- a/resources/views/package/viewVersion.twig
+++ b/resources/views/package/viewVersion.twig
@@ -51,7 +51,7 @@
             {% else %}
               <td><a href="{{ url_for('redirectPackageVersion', {vendor: dep.package.vendor, project: dep.package.project}) }}">{{ dep.package.name }}</a></td>
             {% endif %}
-            <td class="has-text-grey">{{ dep.package.description }}</td>
+            <td class="has-text-grey">{{ dep.package.description | escape }}</td>
             <td class="has-text-right"><code>{{ dep.requiredVersion }}</code></td>
             <td class="has-text-right"><code>{{ dep.package.latestVersion }}</code></td>
             <td class="has-text-right"><span class="tag {{ dep.status.type }}">{{ dep.status.text }}</span></td>
@@ -85,7 +85,7 @@
             {% else %}
               <td><a href="{{ url_for('redirectPackageVersion', {vendor: dep.package.vendor, project: dep.package.project}) }}">{{ dep.package.name }}</a></td>
             {% endif %}
-            <td class="has-text-grey">{{ dep.package.description }}</td>
+            <td class="has-text-grey">{{ dep.package.description | escape }}</td>
             <td class="has-text-right"><code>{{ dep.requiredVersion }}</code></td>
             <td class="has-text-right"><code>{{ dep.package.latestVersion }}</code></td>
             <td class="has-text-right"><span class="tag {{ dep.status.type }}">{{ dep.status.text }}</span></td>
diff --git a/resources/views/vendor/listPackages.twig b/resources/views/vendor/listPackages.twig
index 30f242e9..94ff7c88 100644
--- a/resources/views/vendor/listPackages.twig
+++ b/resources/views/vendor/listPackages.twig
@@ -23,7 +23,7 @@
       {% for package in packages %}
         <tr>
           <td><a href="{{ url_for('redirectPackageVersion', {vendor: package.vendor, project: package.project}) }}">{{ package.name }}</a></td>
-          <td class="has-text-grey">{{ package.description }}</td>
+          <td class="has-text-grey">{{ package.description | escape }}</td>
           <td class="has-text-right"><img src="{{ url_for('redirectPackageBadge', {vendor: package.vendor, project: package.project}) }}" height="20" alt="Dependency Badge" decoding="async" role="img"></td>
         </tr>
       {% endfor %}