Merge pull request #6335 from WoltLab/6.2-global-templates-unsafe

Refactor global templates

Author: Cyperghost

com.woltlab.wcf/templates/__menu.tpl

@@ -3,7 +3,7 @@
 		{event name='menuBefore'}
 
 		{foreach from=$menuItemNodeList item=menuItemNode}
-			<li class="{if $menuItemNode->isActiveNode()}active{/if}{if $menuItemNode->hasChildren()} boxMenuHasChildren{/if}" data-identifier="{@$menuItemNode->identifier}">
+			<li class="{if $menuItemNode->isActiveNode()}active{/if}{if $menuItemNode->hasChildren()} boxMenuHasChildren{/if}" data-identifier="{$menuItemNode->identifier}">
 				<a {anchorAttributes url=$menuItemNode->getURL() appendClassname=false} class="boxMenuLink"{if $menuItemNode->isActiveNode()} aria-current="page"{/if}>
 					<span class="boxMenuLinkTitle">{$menuItemNode->getTitle()}</span>
 					{if $menuItemNode->getOutstandingItems() > 0}
@@ -14,10 +14,10 @@
 					{/if}
 				</a>
 
-				{if $menuItemNode->hasChildren()}<ol class="boxMenuDepth{@$menuItemNode->getDepth()}">{else}</li>{/if}
+				{if $menuItemNode->hasChildren()}<ol class="boxMenuDepth{$menuItemNode->getDepth()}">{else}</li>{/if}
 
 				{if !$menuItemNode->hasChildren() && $menuItemNode->isLastSibling()}
-					{@"</ol></li>"|str_repeat:$menuItemNode->getOpenParentNodes()}
+					{unsafe:"</ol></li>"|str_repeat:$menuItemNode->getOpenParentNodes()}
 				{/if}
 		{/foreach}
 

com.woltlab.wcf/templates/authFlowFooter.tpl

@@ -21,7 +21,7 @@
 
 <!-- {$__wcf->getRequestNonce('JAVASCRIPT_RELOCATE_POSITION')} -->
 
-{@FOOTER_CODE}
+{unsafe:FOOTER_CODE}
 
 <span id="bottom"></span>
 

com.woltlab.wcf/templates/authFlowHeader.tpl

@@ -9,7 +9,7 @@
 		{/if}
 	{/if}
 
-	<title>{if $pageTitle}{@$pageTitle} - {/if}{PAGE_TITLE|phrase}</title>
+	<title>{if $pageTitle}{unsafe:$pageTitle} - {/if}{PAGE_TITLE|phrase}</title>
 
 	{include file='headInclude'}
 
@@ -18,14 +18,14 @@
 	{/if}
 
 	{if !$headContent|empty}
-		{@$headContent}
+		{unsafe:$headContent}
 	{/if}
 </head>
 
 <body id="tpl_{$templateNameApplication}_{$templateName}"
 	itemscope itemtype="http://schema.org/WebPage"{if !$canonicalURL|empty} itemid="{$canonicalURL}"{/if}
-	data-template="{$templateName}" data-application="{$templateNameApplication}"{if $__wcf->getActivePage() != null} data-page-id="{@$__wcf->getActivePage()->pageID}" data-page-identifier="{$__wcf->getActivePage()->identifier}"{/if}
-	{if !$__pageDataAttributes|empty}{@$__pageDataAttributes}{/if}
+	data-template="{$templateName}" data-application="{$templateNameApplication}"{if $__wcf->getActivePage() != null} data-page-id="{$__wcf->getActivePage()->pageID}" data-page-identifier="{$__wcf->getActivePage()->identifier}"{/if}
+	{if !$__pageDataAttributes|empty}{unsafe:$__pageDataAttributes}{/if}
 	class="authFlow{if $__wcf->getActivePage() != null && $__wcf->getActivePage()->cssClassName} {$__wcf->getActivePage()->cssClassName}{/if}{if !$__pageCssClassName|empty} {$__pageCssClassName}{/if}">
 
 <span id="top"></span>
@@ -49,12 +49,12 @@
 		</header>
 	</div>
 
-	<section id="main" class="main" role="main"{if !$__mainItemScope|empty} {@$__mainItemScope}{/if}>
+	<section id="main" class="main" role="main"{if !$__mainItemScope|empty} {unsafe:$__mainItemScope}{/if}>
 		<div class="layoutBoundary">
 			<div id="content" class="content">
 				{if $__disableContentHeader|empty}
 					{if !$contentHeader|empty}
-						{@$contentHeader}
+						{unsafe:$contentHeader}
 					{else}
 						{if $contentTitle|empty}
 							{if $__wcf->isLandingPage() && USE_PAGE_TITLE_ON_LANDING_PAGE}
@@ -68,8 +68,8 @@
 						{if !$contentTitle|empty}
 							<header class="contentHeader">
 								<div class="contentHeaderTitle">
-									<h1 class="contentTitle">{@$contentTitle}{if !$contentTitleBadge|empty} {@$contentTitleBadge}{/if}</h1>
-									{if !$contentDescription|empty}<p class="contentHeaderDescription">{@$contentDescription}</p>{/if}
+									<h1 class="contentTitle">{unsafe:$contentTitle}{if !$contentTitleBadge|empty} {unsafe:$contentTitleBadge}{/if}</h1>
+									{if !$contentDescription|empty}<p class="contentHeaderDescription">{unsafe:$contentDescription}</p>{/if}
 								</div>
 							</header>
 						{/if}

com.woltlab.wcf/templates/authFlowRedirect.tpl

@@ -1,13 +1,13 @@
 {capture assign='pageTitle'}{lang}wcf.page.redirect.title{/lang}{/capture}
 
 {capture assign='headContent'}
-	<meta http-equiv="refresh" content="{if $wait|isset}{@$wait}{else}10{/if};URL={$url}">
+	<meta http-equiv="refresh" content="{if $wait|isset}{$wait}{else}10{/if};URL={$url}">
 {/capture}
 
 {include file='authFlowHeader'}
 
-<div class="{if !$status|empty}{@$status}{else}success{/if}">
-	<p>{@$message}</p>
+<div class="{if !$status|empty}{$status}{else}success{/if}">
+	<p>{unsafe:$message}</p>
 	<br>
 	<p><a href="{$url}">{lang}wcf.page.redirect.url{/lang}</a></p>
 </div>

com.woltlab.wcf/templates/breadcrumbs.tpl

@@ -17,7 +17,7 @@
 								<span class="breadcrumbs__title"{if $__microdata} itemprop="name"{/if}>{$breadcrumb->getLabel()}</span>
 							</a>
 							{if $__microdata}
-								<meta itemprop="position" content="{@$__breadcrumbPos}">
+								<meta itemprop="position" content="{$__breadcrumbPos}">
 								{assign var='__breadcrumbPos' value=$__breadcrumbPos+1}
 							{/if}
 						</li>

com.woltlab.wcf/templates/error.tpl

@@ -12,7 +12,7 @@
 {if $exception !== null}
 <!--
 {* A comment may not contain double dashes. *}
-{@'--'|str_replace:'- -':$exception}
+{unsafe:'--'|str_replace:'- -':$exception}
 -->
 {/if}
 {/if}
@@ -21,7 +21,7 @@
 	<div class="box64 userException">
 		{icon size=64 name='circle-exclamation'}
 		<p class="userExceptionMessage">
-			{@$message}
+			{unsafe:$message}
 		</p>
 	</div>
 </div>

com.woltlab.wcf/templates/footer.tpl

@@ -5,26 +5,26 @@
 						<div class="boxContainer">
 							{content}
 								{if !$boxesContentBottom|empty}
-									{@$boxesContentBottom}
+									{unsafe:$boxesContentBottom}
 								{/if}
 
 								{foreach from=$__wcf->getBoxHandler()->getBoxes('contentBottom') item=box}
-									{@$box->render()}
+									{unsafe:$box->render()}
 								{/foreach}
 							{/content}
 						</div>
 					</div>
 				{/hascontent}
 
 				{if MODULE_WCF_AD && $__disableAds|empty}
-					{@$__wcf->getAdHandler()->getAds('com.woltlab.wcf.footer.content')}
+					{unsafe:$__wcf->getAdHandler()->getAds('com.woltlab.wcf.footer.content')}
 				{/if}
 			</div>
 
 			{hascontent}
 				<aside class="sidebar boxesSidebarRight" aria-label="{lang}wcf.page.sidebar.right{/lang}">
 					<div class="boxContainer">
-						{content}{@$__sidebarRightContent}{/content}
+						{content}{unsafe:$__sidebarRightContent}{/content}
 					</div>
 				</aside>
 			{/hascontent}
@@ -36,11 +36,11 @@
 			<div class="boxContainer">
 				{content}
 					{if !$boxesBottom|empty}
-						{@$boxesBottom}
+						{unsafe:$boxesBottom}
 					{/if}
 
 					{foreach from=$__wcf->getBoxHandler()->getBoxes('bottom') item=box}
-						{@$box->render()}
+						{unsafe:$box->render()}
 					{/foreach}
 				{/content}
 			</div>
@@ -53,11 +53,11 @@
 				<div class="boxContainer">
 					{content}
 						{if !$footerBoxes|empty}
-							{@$footerBoxes}
+							{unsafe:$footerBoxes}
 						{/if}
 
 						{foreach from=$__wcf->getBoxHandler()->getBoxes('footerBoxes') item=box}
-							{@$box->render()}
+							{unsafe:$box->render()}
 						{/foreach}
 					{/content}
 				</div>
@@ -84,7 +84,7 @@
 
 <!-- {$__wcf->getRequestNonce('JAVASCRIPT_RELOCATE_POSITION')} -->
 
-{@FOOTER_CODE}
+{unsafe:FOOTER_CODE}
 
 <span id="bottom"></span>
 

com.woltlab.wcf/templates/headInclude.tpl

@@ -1,16 +1,16 @@
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <meta name="format-detection" content="telephone=no">
 {include file='headIncludeRobotsMetaTag'}
-{implode from=$__wcf->getMetaTagHandler() item=__metaTag glue="\n"}{@$__metaTag}{/implode}
+{implode from=$__wcf->getMetaTagHandler() item=__metaTag glue="\n"}{unsafe:$__metaTag}{/implode}
 {event name='metaTags'}
 
 <!-- Stylesheets -->
-{@$__wcf->getStyleHandler()->getStylesheet()}
+{unsafe:$__wcf->getStyleHandler()->getStylesheet()}
 {event name='stylesheets'}
 
 <meta name="timezone" content="{$__wcf->user->getTimeZone()->getName()}">
 
 {include file='headIncludeJavaScript'}
 {include file='headIncludeIcons'}
 
-{@HEAD_CODE}
+{unsafe:HEAD_CODE}

com.woltlab.wcf/templates/headIncludeJavaScript.tpl

@@ -3,20 +3,20 @@
 *}
 
 <script data-cfasync="false">
-	var WCF_PATH = '{@$__wcf->getPath()}';
-	var WSC_API_URL = '{@$__wcf->getPath()}';
+	var WCF_PATH = '{unsafe:$__wcf->getPath()|encodeJS}';
+	var WSC_API_URL = '{unsafe:$__wcf->getPath()|encodeJS}';
 	var WSC_RPC_API_URL = '{link controller="Api" id="rpc"}{/link}';
 	{* The SECURITY_TOKEN is defined in wcf.globalHelper.js *}
-	var LANGUAGE_ID = {@$__wcf->getLanguage()->languageID};
+	var LANGUAGE_ID = {$__wcf->getLanguage()->languageID};
 	var LANGUAGE_USE_INFORMAL_VARIANT = {if LANGUAGE_USE_INFORMAL_VARIANT}true{else}false{/if};
-	var TIME_NOW = {@TIME_NOW};
-	var LAST_UPDATE_TIME = {@LAST_UPDATE_TIME};
+	var TIME_NOW = {TIME_NOW};
+	var LAST_UPDATE_TIME = {LAST_UPDATE_TIME};
 	var ENABLE_DEBUG_MODE = {if ENABLE_DEBUG_MODE}true{else}false{/if};
 	var ENABLE_PRODUCTION_DEBUG_MODE = {if ENABLE_PRODUCTION_DEBUG_MODE}true{else}false{/if};
 	var ENABLE_DEVELOPER_TOOLS = {if ENABLE_DEVELOPER_TOOLS}true{else}false{/if};
-	var PAGE_TITLE = '{PAGE_TITLE|phrase|encodeJS}';
+	var PAGE_TITLE = '{unsafe:PAGE_TITLE|phrase|encodeJS}';
 	
-	var REACTION_TYPES = {@$__wcf->getReactionHandler()->getReactionsJSVariable()};
+	var REACTION_TYPES = {unsafe:$__wcf->getReactionHandler()->getReactionsJSVariable()};
 	
 	{if ENABLE_DEBUG_MODE}
 		{* This constant is a compiler option, it does not exist in production. *}
@@ -31,7 +31,7 @@
 	{/if}
 </script>
 
-<script data-cfasync="false" src="{$__wcf->getPath()}js/WoltLabSuite/WebComponent.min.js?v={@LAST_UPDATE_TIME}"></script>
+<script data-cfasync="false" src="{$__wcf->getPath()}js/WoltLabSuite/WebComponent.min.js?v={LAST_UPDATE_TIME}"></script>
 <script data-cfasync="false" src="{$phrasePreloader->getUrl($__wcf->language)}"></script>
 
 {js application='wcf' file='require' bundle='WoltLabSuite.Core' core='true' hasTiny=true}
@@ -41,8 +41,8 @@
 {js application='wcf' file='3rdParty/tslib' bundle='WoltLabSuite.Core' core='true' hasTiny=true}
 <script data-cfasync="false">
 requirejs.config({
-	baseUrl: '{@$__wcf->getPath()}js',
-	urlArgs: 't={@LAST_UPDATE_TIME}'
+	baseUrl: '{unsafe:$__wcf->getPath()|encodeJS}js',
+	urlArgs: 't={LAST_UPDATE_TIME}'
 	{hascontent}
 	, paths: {
 		{content}{event name='requirePaths'}{/content}
@@ -66,9 +66,9 @@ window.addEventListener('pageshow', function(event) {
 		{/hascontent}
 		
 		User.init(
-			{@$__wcf->user->userID},
-			{if $__wcf->user->userID}'{@$__wcf->user->username|encodeJS}'{else}''{/if},
-			{if $__wcf->user->userID}'{@$__wcf->user->getLink()|encodeJS}'{else}''{/if},
+			{$__wcf->user->userID},
+			{if $__wcf->user->userID}'{unsafe:$__wcf->user->username|encodeJS}'{else}''{/if},
+			{if $__wcf->user->userID}'{unsafe:$__wcf->user->getLink()|encodeJS}'{else}''{/if},
 			'{link controller='GuestTokenDialog'}{/link}'
 		);
 		
@@ -79,7 +79,7 @@ window.addEventListener('pageshow', function(event) {
 			},
 			{if $__wcf->user->userID && SERVICE_WORKER_PUBLIC_KEY !== ''}
 			serviceWorker: {
-				publicKey: '{@SERVICE_WORKER_PUBLIC_KEY|encodeJS}',
+				publicKey: '{unsafe:SERVICE_WORKER_PUBLIC_KEY|encodeJS}',
 				serviceWorkerJsUrl: '{$__wcf->getPath('wcf')}service-worker/',
 				registerUrl: '{link controller="RegisterServiceWorker"}{/link}',
 				notificationLastReadTime: {$__wcf->getUserNotificationHandler()->getTimeOfLastReadNotification()}
@@ -137,8 +137,8 @@ window.addEventListener('pageshow', function(event) {
 
 <script data-relocate="true">
 	WCF.User.init(
-		{@$__wcf->user->userID},
-		{if $__wcf->user->userID}'{@$__wcf->user->username|encodeJS}'{else}''{/if}
+		{$__wcf->user->userID},
+		{if $__wcf->user->userID}'{unsafe:$__wcf->user->username|encodeJS}'{else}''{/if}
 	);
 </script>
 

com.woltlab.wcf/templates/headIncludeJsonLd.tpl

@@ -4,10 +4,10 @@
 {
 "@context": "http://schema.org",
 "@type": "WebSite",
-"url": {@$__websiteUrl|json},
+"url": {unsafe:$__websiteUrl|json},
 "potentialAction": {
 "@type": "SearchAction",
-"target": {@$__searchTargetUrl|json},
+"target": {unsafe:$__searchTargetUrl|json},
 "query-input": "required name=search_term_string"
 }
 }