Commit @645f6f116feaf45fdeea10d9dca7043852e3c6cb

90dc623

645f6f1

app/controllers/UserApp.java

--- app/controllers/UserApp.java

+++ app/controllers/UserApp.java


 import static play.data.Form.form;
 import static play.libs.Json.toJson;
 import static utils.HtmlUtil.defaultSanitize;
+import org.apache.commons.lang3.StringEscapeUtils;
 
 public class UserApp extends Controller {
     public static final String SESSION_USERID = "userId";

             return badRequest(edit.render(userForm, user));
         }
         user.email = newEmail;
-        user.name = newName;
+        user.name = HtmlUtil.defaultSanitize(newName);
 
         try {
             Long avatarId = Long.valueOf(userForm.data().get("avatarId"));

90dc623

645f6f1

app/views/common/partial_history.scala.html

--- app/views/common/partial_history.scala.html

+++ app/views/common/partial_history.scala.html


 @(posting:models.AbstractPosting)
 
 @import utils.TemplateHelper._
+@import utils.HtmlUtil
 
 <div id="-yona-posting-history" class="modal hide">
     <div class="modal-header">

     </div>
     <div class="modal-body">
         <p>
-            @Html(posting.history)
+            @Html(HtmlUtil.defaultSanitize(posting.history))
         </p>
     </div>
     <div class="modal-footer">

90dc623

645f6f1

app/views/common/select2.scala.html

--- app/views/common/select2.scala.html

+++ app/views/common/select2.scala.html


 @**
-* Yobi, Project Hosting SW
+* Yona, 21st Century Project Hosting SW
 *
-* Copyright 2013 NAVER Corp.
-* http://yobi.io
-*
-* @author JiHan Kim
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*   http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
+* Copyright Yona & Yobi Authors & NAVER Corp.
+* https://yona.io
 **@
 
 <script src="@routes.Assets.at("javascripts/lib/select2/select2.js")"></script>

90dc623

645f6f1

app/views/index/partial_notifications.scala.html

--- app/views/index/partial_notifications.scala.html

+++ app/views/index/partial_notifications.scala.html


 @**
-* Yobi, Project Hosting SW
+* Yona, 21st Century Project Hosting SW
 *
-* Copyright 2013 NAVER Corp.
-* http://yobi.io
-*
-* @author Yi EungJun
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*   http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
+* Copyright Yona & Yobi Authors & NAVER Corp.
+* https://yona.io
 **@
 @(from: Integer, size: Integer)
 
 @import utils.TemplateHelper._
 @import utils.JodaDateUtil
+@import utils.HtmlUtil
 
 @notifycationIcon(notifytype: EventType, state: String) = @{
     notifytype match {

                     }
                 </div>
                 <div class="message-wrap nowrap" id="message-@noti.id">
-                    <div class="message">@Html(noti.getMessage.replaceAll("\n", "<br/>\n"))</div>
+                    <div class="message">@Html(HtmlUtil.defaultSanitize(noti.getMessage.replaceAll("\n", "<br/>\n")))</div>
                 </div>
                 <div class="meta">
                     @if(user != null){

90dc623

645f6f1

app/views/issue/partial_searchform.scala.html

--- app/views/issue/partial_searchform.scala.html

+++ app/views/issue/partial_searchform.scala.html


 @**
-* Yobi, Project Hosting SW
+* Yona, 21st Century Project Hosting SW
 *
-* Copyright 2014 NAVER Corp.
-* http://yobi.io
-*
-* @author Jihan Kim
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*   http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
+* Copyright Yona & Yobi Authors & NAVER Corp.
+* https://yona.io
 **@
 @(param:models.support.SearchCondition, project:Project)
 

90dc623

645f6f1

app/views/user/edit.scala.html

--- app/views/user/edit.scala.html

+++ app/views/user/edit.scala.html


 @**
-* Yobi, Project Hosting SW
+* Yona, 21st Century Project Hosting SW
 *
-* Copyright 2012 NAVER Corp.
-* http://yobi.io
-*
-* @author Ahn Hyeok Jun
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*   http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
+* Copyright Yona & Yobi Authors & NAVER Corp.
+* https://yona.io
 **@
 @(userForm: play.data.Form[User], user:User)
 
 @import helper._
 @import utils.TemplateHelper._
+@import utils.HtmlUtil
 
 @siteLayout(user.loginId, utils.MenuType.USER) {
 <div class="site-breadcrumb-outer">

             </dd>
           <dt>@Messages("user.name")</dt>
           <dd class="mt10">
-            <input type="text" name="name" class="text" value="@user.name">
+            <input type="text" name="name" class="text" value="@HtmlUtil.defaultSanitize(user.name)">
           </dd>
           <dt>@Messages("user.email")</dt>
           <dd class="mt10">

90dc623

645f6f1

public/javascripts/common/yobi.ui.Dialog.js

--- public/javascripts/common/yobi.ui.Dialog.js

+++ public/javascripts/common/yobi.ui.Dialog.js


             var aButtonStyles = htOptions.aButtonStyles || [];
 
             for(var i = 0, nLength = aButtonLabels.length; i < nLength; i++){
-                aButtonsHTML.push($yobi.tmpl(htVar.sTplCustomButton, {
+                aButtonsHTML.push($.tmpl(htVar.sTplCustomButton, {
                     "text" : aButtonLabels[i],
                     "class": aButtonStyles[i] || (aButtonStyles.length === 0 && i === nLength-1 ? "ybtn-primary" : "ybtn-default")
                 }));

90dc623

645f6f1

public/javascripts/common/yobi.ui.Select2.js

--- public/javascripts/common/yobi.ui.Select2.js

+++ public/javascripts/common/yobi.ui.Select2.js


                 }
 
                 if(_doesntHaveProjectAvatar()){
-                    return $yobi.tmpl($("#tplSelect2ProjectsWithoutAvatar").text(), {
+                    return $.tmpl($("#tplSelect2ProjectsWithoutAvatar").text(), {
                         "name"     : itemObject.text
                     });
                 } else {
-                    return $yobi.tmpl($("#tplSelect2Projects").text(), {
+                    return $.tmpl($("#tplSelect2Projects").text(), {
                         "avatarURL": avatarURL,
                         "name"     : itemObject.text.trim()
                     });
                 }
             },
             "issues": function(itemObject){
-                return $yobi.tmpl($("#tplSelect2FormatIssues").text(), {
+                return $.tmpl($("#tplSelect2FormatIssues").text(), {
                     "name"     : itemObject.text
                 });
             },

 
                 var loginId = itemElement.data("loginId") ? "@" + itemElement.data("loginId") : "";
 
-                var formattedResult = $yobi.tmpl(tplUserItem, {
+                var formattedResult = $.tmpl(tplUserItem, {
                     "avatarURL": avatarURL,
                     "name"     : itemObject.text.trim(),
                     "loginId"  : loginId

                 var tplMilestoneItem = $("#tplSElect2FormatMilestone").text()
                                     || '<div title="[${stateLabel}] ${name}">${name}</div>';
 
-                var formattedResult = $yobi.tmpl(tplMilestoneItem, {
+                var formattedResult = $.tmpl(tplMilestoneItem, {
                     "name" : itemObject.text.trim().replace('<', '&lt;'),
                     "state": milestoneState,
                     "stateLabel": milestoneStateLabel

                     };
                     var tpl = '<i class="${css}" data-toggle="tooltip" data-html="true" data-placement="right" title="${title}"></i><span>${text}</span>';
 
-                    return $yobi.tmpl(tpl, data);
+                    return $.tmpl(tpl, data);
                 }
 
                 return '<a class="label issue-label active static" data-label-id="' + labelId + '">' + text + '</a>';

 
                 // branchType will be "unknown"
                 // if selected branch name doesn't starts with /refs
-                var formattedResult = $yobi.tmpl(tplBranchItem, {
+                var formattedResult = $.tmpl(tplBranchItem, {
                     "branchType": branchType,
                     "branchName": branchName
                 });

90dc623

645f6f1

public/javascripts/service/yobi.code.Browser.js

--- public/javascripts/service/yobi.code.Browser.js

+++ public/javascripts/service/yobi.code.Browser.js


                 if(htSortedData[sType] instanceof Array){
                     htSortedData[sType].forEach(function(htFile){
                         htFile = _getFileInfoForTpl(htFile, sTargetPath);
-                        aHTML.push($yobi.tmpl(htVar.sTplListItem, htFile));
+                        aHTML.push($.tmpl(htVar.sTplListItem, htFile));
                     });
                 }
             });

90dc623

645f6f1

public/javascripts/service/yobi.code.Diff.js

--- public/javascripts/service/yobi.code.Diff.js

+++ public/javascripts/service/yobi.code.Diff.js


                 waTargets.each(function(i, el){
                     welTarget = $(el);
 
-                    aLinks.push($yobi.tmpl(htVar.sTplMiniMapLink, {
+                    aLinks.push($.tmpl(htVar.sTplMiniMapLink, {
                         "id"    : welTarget.attr("id"),
                         "top"   : Math.ceil(welTarget.offset().top * htVar.nMiniMapRatio),
                         "height": Math.ceil(welTarget.height() * htVar.nMiniMapRatio)

90dc623

645f6f1

public/javascripts/service/yobi.code.SvnDiff.js

--- public/javascripts/service/yobi.code.SvnDiff.js

+++ public/javascripts/service/yobi.code.SvnDiff.js


                 waTargets.each(function(i, el){
                     welTarget = $(el);
 
-                    aLinks.push($yobi.tmpl(htVar.sTplMiniMapLink, {
+                    aLinks.push($.tmpl(htVar.sTplMiniMapLink, {
                         "id"    : welTarget.attr("id"),
                         "top"   : Math.ceil(welTarget.offset().top * htVar.nMiniMapRatio),
                         "height": Math.ceil(welTarget.height() * htVar.nMiniMapRatio)

90dc623

645f6f1

public/javascripts/service/yobi.issue.MassUpdate.js

--- public/javascripts/service/yobi.issue.MassUpdate.js

+++ public/javascripts/service/yobi.issue.MassUpdate.js


                 // Label
                 for(sLabelId in htLabels[sCategory]){
                     htLabel = htLabels[sCategory][sLabelId];
-                    aHTML.push($yobi.tmpl(sTpl, htLabel));
+                    aHTML.push($.tmpl(sTpl, htLabel));
                 }
 
                 aHTML.push('<li class="divider"></li>');

90dc623

645f6f1

public/javascripts/yona-lib.js

--- public/javascripts/yona-lib.js

+++ public/javascripts/yona-lib.js


 32:"SPACE",8:"BACKSPACE",9:"TAB",46:"DELETE",33:"PAGEUP",34:"PAGEDOWN",36:"HOME",35:"END",65:"A",66:"B",67:"C",68:"D",69:"E",70:"F",71:"G",72:"H",73:"I",74:"J",75:"K",76:"L",77:"M",78:"N",79:"O",80:"P",81:"Q",82:"R",83:"S",84:"T",85:"U",86:"V",87:"W",88:"X",89:"Y",90:"Z",48:"0",49:"1",50:"2",51:"3",52:"4",53:"5",54:"6",55:"7",56:"8",57:"9",219:"[",221:"]",186:";",222:"'",188:",",190:".",191:"/",189:"-",187:"=",220:"\\",192:"`",112:"F1",113:"F2",114:"F3",115:"F4",116:"F5",117:"F6",118:"F7",119:"F8",
 120:"F9",121:"F10",122:"F11",123:"F12"};$(window).on({keydown:q,beforeunload:l});return{attach:r,detach:u,getHandlers:function(){return e},setKeymapLink:function(c){var b,a=function(a){a.bFormInput||(document.location.href=c[a.sKeyInput])};for(b in c)c[b]?r(b,a):u(b)}}}();(function(h){h=$yobi.createNamespace(h);h.container[h.name]=function(h,r){function u(b){if("function"===typeof e.fOnClickButton&&!1===e.fOnClickButton({weEvt:b,nButtonIndex:$(this).index()}))return!1;k()}function k(){c.welContainer.modal("hide")}function l(){"function"==typeof e.fOnAfterShow&&e.fOnAfterShow();e.bAutoFocusOnLastButton&&c.welButtons.find(".ybtn-primary:last,button:last").focus()}function f(){c.welMessage.html("");"function"==typeof e.fOnAfterHide&&e.fOnAfterHide()}var e={},c={};(function(b,
 a){e.sDefaultButton='<button type="button" class="ybtn ybtn-info" data-dismiss="modal">'+Messages("button.confirm")+"</button>";e.sTplCustomButton='<button type="button" class="ybtn ${class}">${text}</button>';e.bAutoFocusOnLastButton="undefined"!==typeof a.bAutoFocusOnLastButton?a.bAutoFocusOnLastButton:!0;c.welContainer=$(b).clone();c.welMessage=c.welContainer.find(".msg");c.welDescription=c.welContainer.find(".desc");c.welButtons=c.welContainer.find(".buttons");c.welContainer.modal({show:!1});
-c.welContainer.on("shown",l);c.welContainer.on("hidden",f);c.welContainer.on("click","button.ybtn",u)})(h,r||{});return{show:function(b,a,d){e.fOnAfterShow=d.fOnAfterShow;e.fOnAfterHide=d.fOnAfterHide;e.fOnClickButton=d.fOnClickButton;var f;if(d.aButtonLabels){f=[];var k=d.aButtonLabels;d=d.aButtonStyles||[];for(var h=0,l=k.length;h<l;h++)f.push($yobi.tmpl(e.sTplCustomButton,{text:k[h],"class":d[h]||(0===d.length&&h===l-1?"ybtn-primary":"ybtn-default")}));f=f.join("")}else f=e.sDefaultButton;c.welButtons.html(f);
+c.welContainer.on("shown",l);c.welContainer.on("hidden",f);c.welContainer.on("click","button.ybtn",u)})(h,r||{});return{show:function(b,a,d){e.fOnAfterShow=d.fOnAfterShow;e.fOnAfterHide=d.fOnAfterHide;e.fOnClickButton=d.fOnClickButton;var f;if(d.aButtonLabels){f=[];var k=d.aButtonLabels;d=d.aButtonStyles||[];for(var h=0,l=k.length;h<l;h++)f.push($.tmpl(e.sTplCustomButton,{text:k[h],"class":d[h]||(0===d.length&&h===l-1?"ybtn-primary":"ybtn-default")}));f=f.join("")}else f=e.sDefaultButton;c.welButtons.html(f);
 c.welMessage.html($yobi.nl2br(b));c.welDescription.html($yobi.nl2br(a||""));c.welContainer.modal("show")},hide:k}}})("yobi.ui.Dialog");(function(h){h=$yobi.createNamespace(h);h.container[h.name]=function(h){function r(b){if(0<b.originalEvent.deltaY&&a.welList.scrollTop()+a.welList.height()===a.welList.get(0).scrollHeight||0>b.originalEvent.deltaY&&0===a.welList.scrollTop())return b.preventDefault(),b.stopPropagation(),!1}function u(a){var b=$(a.target),b="LI"===a.target.tagName?b:$(b.parents("li")[0]);if(0===b.length||"undefined"===typeof b.attr("data-value"))return a.stopPropagation(),a.preventDefault(),!1;k(b);l(b);f()}function k(b){a.welSelectedLabel.html(b.html());
 a.waItems.removeClass("active");b.addClass("active")}function l(c){c=c.attr("data-value");var e=a.welContainer.attr("data-name");b.sName=e;b.sValue=c;if("undefined"!==typeof e){var f=a.welContainer.find("input[name='"+e+"']");0===f.length&&(f=$('<input type="hidden" name="'+e+'">'),a.welContainer.append(f));f.val(c)}}function f(){"function"==typeof b.fOnChange&&setTimeout(function(){b.fOnChange(e())},0)}function e(){return b.sValue}function c(b){b=a.welContainer.find(b);if(0>=b.length)return!1;b=
 $(b[0]);k(b);l(b);return!0}var b={sValue:""},a={};(function(d){a.welContainer=$(d.elContainer);a.welSelectedLabel=a.welContainer.find(".d-label");a.welList=a.welContainer.find(".dropdown-menu");a.waItems=a.welList.find("li");a.welList.on("click","li",u);a.welList.on("mousewheel",r);b.fOnChange=d.fOnChange;c("li[data-selected=true]")})(h);return{getValue:e,onChange:function(a){b.fOnChange=a;return!0},selectByValue:function(a){return c("li[data-value='"+a+"']")},selectItem:c}}})("yobi.ui.Dropdown");$(document).ready(function(){function h(k,h){var f;h=$("#"+k).find("li > a");(f=localStorage.getItem("yobitab-"+k))&&h[f]&&(f=$(h[f]))&&f.data(!1)&&f.tab("show")}var q,r,u;$(".nav-tabs[id]").each(function(k,l){r=$(l);u=r.attr("id");"undefined"!=typeof u&&(q=r.find("li"),q.click(function(){localStorage.setItem("yobitab-"+u,$(this).index())}),h(u,q))})});(function(h){h=$yobi.createNamespace(h);h.container[h.name]=function(h,r){function u(c){$(this).remove()}function k(c,b){c.bind("webkitTransitionEnd",function(){c.remove()});setTimeout(function(){c.css("opacity",0)},b)}var l,f,e;(function(c,b){b.sTplToast=b.sTplToast.replace("\n","");l=b.sTplToast||'<div class="toast" tabindex="-1">            <div class="btn-dismiss"><button type="button" class="btn-transparent">&times;</button></div>            <div class="center-text msg"></div></div>';f=$(c);

...	...	@@ -101,7 +101,7 @@
101	101	var aButtonStyles = htOptions.aButtonStyles \|\| [];
102	102
103	103	for(var i = 0, nLength = aButtonLabels.length; i < nLength; i++){
104		- aButtonsHTML.push($yobi.tmpl(htVar.sTplCustomButton, {
	104	+ aButtonsHTML.push($.tmpl(htVar.sTplCustomButton, {
105	105	"text" : aButtonLabels[i],
106	106	"class": aButtonStyles[i] \|\| (aButtonStyles.length === 0 && i === nLength-1 ? "ybtn-primary" : "ybtn-default")
107	107	}));

...	...	@@ -245,7 +245,7 @@
245	245	if(htSortedData[sType] instanceof Array){
246	246	htSortedData[sType].forEach(function(htFile){
247	247	htFile = _getFileInfoForTpl(htFile, sTargetPath);
248		- aHTML.push($yobi.tmpl(htVar.sTplListItem, htFile));
	248	+ aHTML.push($.tmpl(htVar.sTplListItem, htFile));
249	249	});
250	250	}
251	251	});

...	...	@@ -651,7 +651,7 @@
651	651	waTargets.each(function(i, el){
652	652	welTarget = $(el);
653	653
654		- aLinks.push($yobi.tmpl(htVar.sTplMiniMapLink, {
	654	+ aLinks.push($.tmpl(htVar.sTplMiniMapLink, {
655	655	"id" : welTarget.attr("id"),
656	656	"top" : Math.ceil(welTarget.offset().top * htVar.nMiniMapRatio),
657	657	"height": Math.ceil(welTarget.height() * htVar.nMiniMapRatio)

...	...	@@ -515,7 +515,7 @@
515	515	waTargets.each(function(i, el){
516	516	welTarget = $(el);
517	517
518		- aLinks.push($yobi.tmpl(htVar.sTplMiniMapLink, {
	518	+ aLinks.push($.tmpl(htVar.sTplMiniMapLink, {
519	519	"id" : welTarget.attr("id"),
520	520	"top" : Math.ceil(welTarget.offset().top * htVar.nMiniMapRatio),
521	521	"height": Math.ceil(welTarget.height() * htVar.nMiniMapRatio)

...	...	@@ -226,7 +226,7 @@
226	226	// Label
227	227	for(sLabelId in htLabels[sCategory]){
228	228	htLabel = htLabels[sCategory][sLabelId];
229		- aHTML.push($yobi.tmpl(sTpl, htLabel));
	229	+ aHTML.push($.tmpl(sTpl, htLabel));
230	230	}
231	231
232	232	aHTML.push('<li class="divider"></li>');

...	...	@@ -51,6 +51,7 @@
51	51	import static play.data.Form.form;
52	52	import static play.libs.Json.toJson;
53	53	import static utils.HtmlUtil.defaultSanitize;
	54	+import org.apache.commons.lang3.StringEscapeUtils;
54	55
55	56	public class UserApp extends Controller {
56	57	public static final String SESSION_USERID = "userId";
...	...	@@ -843,7 +844,7 @@
843	844	return badRequest(edit.render(userForm, user));
844	845	}
845	846	user.email = newEmail;
846		- user.name = newName;
	847	+ user.name = HtmlUtil.defaultSanitize(newName);
847	848
848	849	try {
849	850	Long avatarId = Long.valueOf(userForm.data().get("avatarId"));

...	...	@@ -7,6 +7,7 @@
7	7	@(posting:models.AbstractPosting)
8	8
9	9	@import utils.TemplateHelper._
	10	+@import utils.HtmlUtil
10	11
11	12	<div id="-yona-posting-history" class="modal hide">
12	13	<div class="modal-header">
...	...	@@ -15,7 +16,7 @@
15	16	</div>
16	17	<div class="modal-body">
17	18	<p>
18		- @Html(posting.history)
	19	+ @Html(HtmlUtil.defaultSanitize(posting.history))
19	20	</p>
20	21	</div>
21	22	<div class="modal-footer">

...	...	@@ -1,22 +1,8 @@
1	1	@**
2		-* Yobi, Project Hosting SW
	2	+* Yona, 21st Century Project Hosting SW
3	3	*
4		-* Copyright 2013 NAVER Corp.
5		-* http://yobi.io
6		-*
7		-* @author JiHan Kim
8		-*
9		-* Licensed under the Apache License, Version 2.0 (the "License");
10		-* you may not use this file except in compliance with the License.
11		-* You may obtain a copy of the License at
12		-*
13		-* http://www.apache.org/licenses/LICENSE-2.0
14		-*
15		-* Unless required by applicable law or agreed to in writing, software
16		-* distributed under the License is distributed on an "AS IS" BASIS,
17		-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18		-* See the License for the specific language governing permissions and
19		-* limitations under the License.
	4	+* Copyright Yona & Yobi Authors & NAVER Corp.
	5	+* https://yona.io
20	6	**@
21	7
22	8	<script src="@routes.Assets.at("javascripts/lib/select2/select2.js")"></script>

...	...	@@ -1,27 +1,14 @@
1	1	@**
2		-* Yobi, Project Hosting SW
	2	+* Yona, 21st Century Project Hosting SW
3	3	*
4		-* Copyright 2013 NAVER Corp.
5		-* http://yobi.io
6		-*
7		-* @author Yi EungJun
8		-*
9		-* Licensed under the Apache License, Version 2.0 (the "License");
10		-* you may not use this file except in compliance with the License.
11		-* You may obtain a copy of the License at
12		-*
13		-* http://www.apache.org/licenses/LICENSE-2.0
14		-*
15		-* Unless required by applicable law or agreed to in writing, software
16		-* distributed under the License is distributed on an "AS IS" BASIS,
17		-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18		-* See the License for the specific language governing permissions and
19		-* limitations under the License.
	4	+* Copyright Yona & Yobi Authors & NAVER Corp.
	5	+* https://yona.io
20	6	**@
21	7	@(from: Integer, size: Integer)
22	8
23	9	@import utils.TemplateHelper._
24	10	@import utils.JodaDateUtil
	11	+@import utils.HtmlUtil
25	12
26	13	@notifycationIcon(notifytype: EventType, state: String) = @{
27	14	notifytype match {
...	...	@@ -80,7 +67,7 @@
80	67	}
81	68	</div>
82	69	<div class="message-wrap nowrap" id="message-@noti.id">
83		- <div class="message">@Html(noti.getMessage.replaceAll("\n", "<br/>\n"))</div>
	70	+ <div class="message">@Html(HtmlUtil.defaultSanitize(noti.getMessage.replaceAll("\n", "<br/>\n")))</div>
84	71	</div>
85	72	<div class="meta">
86	73	@if(user != null){

...	...	@@ -51,18 +51,18 @@
51	51	}
52	52
53	53	if(_doesntHaveProjectAvatar()){
54		- return $yobi.tmpl($("#tplSelect2ProjectsWithoutAvatar").text(), {
	54	+ return $.tmpl($("#tplSelect2ProjectsWithoutAvatar").text(), {
55	55	"name" : itemObject.text
56	56	});
57	57	} else {
58		- return $yobi.tmpl($("#tplSelect2Projects").text(), {
	58	+ return $.tmpl($("#tplSelect2Projects").text(), {
59	59	"avatarURL": avatarURL,
60	60	"name" : itemObject.text.trim()
61	61	});
62	62	}
63	63	},
64	64	"issues": function(itemObject){
65		- return $yobi.tmpl($("#tplSelect2FormatIssues").text(), {
	65	+ return $.tmpl($("#tplSelect2FormatIssues").text(), {
66	66	"name" : itemObject.text
67	67	});
68	68	},
...	...	@@ -82,7 +82,7 @@
82	82
83	83	var loginId = itemElement.data("loginId") ? "@" + itemElement.data("loginId") : "";
84	84
85		- var formattedResult = $yobi.tmpl(tplUserItem, {
	85	+ var formattedResult = $.tmpl(tplUserItem, {
86	86	"avatarURL": avatarURL,
87	87	"name" : itemObject.text.trim(),
88	88	"loginId" : loginId
...	...	@@ -103,7 +103,7 @@
103	103	var tplMilestoneItem = $("#tplSElect2FormatMilestone").text()
104	104	\|\| '<div title="[${stateLabel}] ${name}">${name}</div>';
105	105
106		- var formattedResult = $yobi.tmpl(tplMilestoneItem, {
	106	+ var formattedResult = $.tmpl(tplMilestoneItem, {
107	107	"name" : itemObject.text.trim().replace('<', '<'),
108	108	"state": milestoneState,
109	109	"stateLabel": milestoneStateLabel
...	...	@@ -128,7 +128,7 @@
128	128	};
129	129	var tpl = '<i class="${css}" data-toggle="tooltip" data-html="true" data-placement="right" title="${title}"></i><span>${text}</span>';
130	130
131		- return $yobi.tmpl(tpl, data);
	131	+ return $.tmpl(tpl, data);
132	132	}
133	133
134	134	return '<a class="label issue-label active static" data-label-id="' + labelId + '">' + text + '</a>';
...	...	@@ -157,7 +157,7 @@
157	157
158	158	// branchType will be "unknown"
159	159	// if selected branch name doesn't starts with /refs
160		- var formattedResult = $yobi.tmpl(tplBranchItem, {
	160	+ var formattedResult = $.tmpl(tplBranchItem, {
161	161	"branchType": branchType,
162	162	"branchName": branchName
163	163	});

...	...	@@ -35,7 +35,7 @@
35	35	32:"SPACE",8:"BACKSPACE",9:"TAB",46:"DELETE",33:"PAGEUP",34:"PAGEDOWN",36:"HOME",35:"END",65:"A",66:"B",67:"C",68:"D",69:"E",70:"F",71:"G",72:"H",73:"I",74:"J",75:"K",76:"L",77:"M",78:"N",79:"O",80:"P",81:"Q",82:"R",83:"S",84:"T",85:"U",86:"V",87:"W",88:"X",89:"Y",90:"Z",48:"0",49:"1",50:"2",51:"3",52:"4",53:"5",54:"6",55:"7",56:"8",57:"9",219:"[",221:"]",186:";",222:"'",188:",",190:".",191:"/",189:"-",187:"=",220:"\\",192:"`",112:"F1",113:"F2",114:"F3",115:"F4",116:"F5",117:"F6",118:"F7",119:"F8",
36	36	120:"F9",121:"F10",122:"F11",123:"F12"};$(window).on({keydown:q,beforeunload:l});return{attach:r,detach:u,getHandlers:function(){return e},setKeymapLink:function(c){var b,a=function(a){a.bFormInput\|\|(document.location.href=c[a.sKeyInput])};for(b in c)c[b]?r(b,a):u(b)}}}();(function(h){h=$yobi.createNamespace(h);h.container[h.name]=function(h,r){function u(b){if("function"===typeof e.fOnClickButton&&!1===e.fOnClickButton({weEvt:b,nButtonIndex:$(this).index()}))return!1;k()}function k(){c.welContainer.modal("hide")}function l(){"function"==typeof e.fOnAfterShow&&e.fOnAfterShow();e.bAutoFocusOnLastButton&&c.welButtons.find(".ybtn-primary:last,button:last").focus()}function f(){c.welMessage.html("");"function"==typeof e.fOnAfterHide&&e.fOnAfterHide()}var e={},c={};(function(b,
37	37	a){e.sDefaultButton='<button type="button" class="ybtn ybtn-info" data-dismiss="modal">'+Messages("button.confirm")+"</button>";e.sTplCustomButton='<button type="button" class="ybtn ${class}">${text}</button>';e.bAutoFocusOnLastButton="undefined"!==typeof a.bAutoFocusOnLastButton?a.bAutoFocusOnLastButton:!0;c.welContainer=$(b).clone();c.welMessage=c.welContainer.find(".msg");c.welDescription=c.welContainer.find(".desc");c.welButtons=c.welContainer.find(".buttons");c.welContainer.modal({show:!1});
38		-c.welContainer.on("shown",l);c.welContainer.on("hidden",f);c.welContainer.on("click","button.ybtn",u)})(h,r\|\|{});return{show:function(b,a,d){e.fOnAfterShow=d.fOnAfterShow;e.fOnAfterHide=d.fOnAfterHide;e.fOnClickButton=d.fOnClickButton;var f;if(d.aButtonLabels){f=[];var k=d.aButtonLabels;d=d.aButtonStyles\|\|[];for(var h=0,l=k.length;h<l;h++)f.push($yobi.tmpl(e.sTplCustomButton,{text:k[h],"class":d[h]\|\|(0===d.length&&h===l-1?"ybtn-primary":"ybtn-default")}));f=f.join("")}else f=e.sDefaultButton;c.welButtons.html(f);
	38	+c.welContainer.on("shown",l);c.welContainer.on("hidden",f);c.welContainer.on("click","button.ybtn",u)})(h,r\|\|{});return{show:function(b,a,d){e.fOnAfterShow=d.fOnAfterShow;e.fOnAfterHide=d.fOnAfterHide;e.fOnClickButton=d.fOnClickButton;var f;if(d.aButtonLabels){f=[];var k=d.aButtonLabels;d=d.aButtonStyles\|\|[];for(var h=0,l=k.length;h<l;h++)f.push($.tmpl(e.sTplCustomButton,{text:k[h],"class":d[h]\|\|(0===d.length&&h===l-1?"ybtn-primary":"ybtn-default")}));f=f.join("")}else f=e.sDefaultButton;c.welButtons.html(f);
39	39	c.welMessage.html($yobi.nl2br(b));c.welDescription.html($yobi.nl2br(a\|\|""));c.welContainer.modal("show")},hide:k}}})("yobi.ui.Dialog");(function(h){h=$yobi.createNamespace(h);h.container[h.name]=function(h){function r(b){if(0<b.originalEvent.deltaY&&a.welList.scrollTop()+a.welList.height()===a.welList.get(0).scrollHeight\|\|0>b.originalEvent.deltaY&&0===a.welList.scrollTop())return b.preventDefault(),b.stopPropagation(),!1}function u(a){var b=$(a.target),b="LI"===a.target.tagName?b:$(b.parents("li")[0]);if(0===b.length\|\|"undefined"===typeof b.attr("data-value"))return a.stopPropagation(),a.preventDefault(),!1;k(b);l(b);f()}function k(b){a.welSelectedLabel.html(b.html());
40	40	a.waItems.removeClass("active");b.addClass("active")}function l(c){c=c.attr("data-value");var e=a.welContainer.attr("data-name");b.sName=e;b.sValue=c;if("undefined"!==typeof e){var f=a.welContainer.find("input[name='"+e+"']");0===f.length&&(f=$('<input type="hidden" name="'+e+'">'),a.welContainer.append(f));f.val(c)}}function f(){"function"==typeof b.fOnChange&&setTimeout(function(){b.fOnChange(e())},0)}function e(){return b.sValue}function c(b){b=a.welContainer.find(b);if(0>=b.length)return!1;b=
41	41	$(b[0]);k(b);l(b);return!0}var b={sValue:""},a={};(function(d){a.welContainer=$(d.elContainer);a.welSelectedLabel=a.welContainer.find(".d-label");a.welList=a.welContainer.find(".dropdown-menu");a.waItems=a.welList.find("li");a.welList.on("click","li",u);a.welList.on("mousewheel",r);b.fOnChange=d.fOnChange;c("li[data-selected=true]")})(h);return{getValue:e,onChange:function(a){b.fOnChange=a;return!0},selectByValue:function(a){return c("li[data-value='"+a+"']")},selectItem:c}}})("yobi.ui.Dropdown");$(document).ready(function(){function h(k,h){var f;h=$("#"+k).find("li > a");(f=localStorage.getItem("yobitab-"+k))&&h[f]&&(f=$(h[f]))&&f.data(!1)&&f.tab("show")}var q,r,u;$(".nav-tabs[id]").each(function(k,l){r=$(l);u=r.attr("id");"undefined"!=typeof u&&(q=r.find("li"),q.click(function(){localStorage.setItem("yobitab-"+u,$(this).index())}),h(u,q))})});(function(h){h=$yobi.createNamespace(h);h.container[h.name]=function(h,r){function u(c){$(this).remove()}function k(c,b){c.bind("webkitTransitionEnd",function(){c.remove()});setTimeout(function(){c.css("opacity",0)},b)}var l,f,e;(function(c,b){b.sTplToast=b.sTplToast.replace("\n","");l=b.sTplToast\|\|'<div class="toast" tabindex="-1"> <div class="btn-dismiss"><button type="button" class="btn-transparent">×</button></div> <div class="center-text msg"></div></div>';f=$(c);

Delete comment