Bug 207044 - Filter more template directives. None of these are security bugs,…

Bugzilla/Template.pm

@@ -256,6 +256,11 @@ sub create {
                 $var =~ s/\@/\@/g;
                 return $var;
             },
+            
+            # We force filtering of every variable in key security-critical
+            # places; we have a none filter for people to use when they 
+            # really, really don't want a variable to be changed.
+            none => sub { return $_[0]; } ,
         },
 
         PLUGIN_BASE => 'Bugzilla::Template::Plugin',

checksetup.pl

@@ -1078,6 +1078,7 @@ END
                 csv => sub { return $_; },
                 time => sub { return $_; },
                 obscure_email => sub { return $_; },
+                none => sub { return $_; } ,
                },
            }) || die ("Could not create Template Provider: "
                        . Template::Provider->error() . "\n");

t/004template.t

@@ -99,6 +99,7 @@ foreach my $include_path (@include_paths) {
             csv       => sub { return $_ } ,
             time      => sub { return $_ } ,
             obscure_email => sub { return $_ } ,
+            none      => sub { return $_ } ,
         },
     }
     );

t/008filter.t

@@ -199,7 +199,7 @@ sub directive_ok {
     # Note: If a single directive prints two things, and only one is 
     # filtered, we may not catch that case.
     return 1 if $directive =~ /FILTER\ (html|csv|js|url_quote|css_class_quote|
-                                        quoteUrls|time|uri|xml|lower)/x;
+                                        quoteUrls|time|uri|xml|lower|none)/x;
 
     return 0;
 }

template/en/default/account/prefs/account.html.tmpl

@@ -74,7 +74,7 @@
         </tr>
         <tr>
           <th align="right">Change request expires:</th>
-          <td>[% login_change_date %]</td>
+          <td>[% login_change_date FILTER time %]</td>
         </tr>
       [% ELSE %]
         <tr>
@@ -83,7 +83,7 @@
         </tr>
         <tr>
           <th align="right">Completion date:</th>
-          <td>[% login_change_date %]</td>
+          <td>[% login_change_date FILTER time %]</td>
         </tr>
       [% END %]
     [% ELSE %]

template/en/default/account/prefs/email.html.tmpl

@@ -57,7 +57,8 @@
     <tr>
       <th align="right">Users to watch:</th>
       <td>
-        <input size="35" name="watchedusers" value="[% watchedusers %]">
+        <input size="35" name="watchedusers" 
+               value="[% watchedusers FILTER html %]">
       </td>
     </tr>
   [% END %]

template/en/default/admin/flag-type/confirm-delete.html.tmpl

@@ -29,7 +29,7 @@
 %]
 
 <p>
-   There are [% flag_count %] flags of type [% name %].
+   There are [% flag_count %] flags of type [% name FILTER html %].
    If you delete this type, those flags will also be deleted.  Note that
    instead of deleting the type you can
    <a href="editflagtypes.cgi?action=deactivate&amp;id=[% flag_type.id %]">deactivate it</a>,

template/en/default/admin/flag-type/edit.html.tmpl

@@ -67,10 +67,10 @@
   <input type="hidden" name="id" value="[% type.id %]">
   <input type="hidden" name="target_type" value="[% type.target_type %]">
   [% FOREACH category = type.inclusions %]
-    <input type="hidden" name="inclusions" value="[% category %]">
+    <input type="hidden" name="inclusions" value="[% category FILTER html %]">
   [% END %]
   [% FOREACH category = type.exclusions %]
-    <input type="hidden" name="exclusions" value="[% category %]">
+    <input type="hidden" name="exclusions" value="[% category FILTER html %]">
   [% END %]
 
   <table id="form" cellspacing="0" cellpadding="4" border="0">
@@ -105,13 +105,17 @@
               <select name="product" onchange="selectProduct(this.form, 'product', 'component', '__Any__');">
                 <option value="">__Any__</option>
                 [% FOREACH item = products %]
-                  <option value="[% item %]" [% "selected" IF type.product.name == item %]>[% item %]</option>
+                  <option value="[% item FILTER html %]" 
+                          [% "selected" IF type.product.name == item %]>
+                          [% item FILTER html %]</option>
                 [% END %]
               </select><br>
               <select name="component">
                 <option value="">__Any__</option>
                 [% FOREACH item = components %]
-                  <option value="[% item %]" [% "selected" IF type.component.name == item %]>[% item %]</option>
+                  <option value="[% item FILTER html %]" 
+                          [% "selected" IF type.component.name == item %]>
+                          [% item FILTER html %]</option>
                 [% END %]
               </select><br>
               <input type="submit" name="categoryAction" value="Include">
@@ -186,7 +190,10 @@
     <tr>
       <th></th>
       <td>
-        <input type="submit" value="[% (last_action == "enter" || last_action == "copy") ? "Create" : "Save Changes" %]">
+        <input type="submit" value="        
+          [% IF (last_action == "enter" || last_action == "copy") %]Create 
+          [% ELSE %]Save Changes 
+          [% END %]">
       </td>
     </tr>
 

template/en/default/admin/flag-type/list.html.tmpl

@@ -92,7 +92,7 @@
 
     [% FOREACH type = types %]
 
-      <tr class="[% type.is_active ? "active" : "inactive" %]">
+      <tr class="[% IF type.is_active %]active[% ELSE %]inactive[% END %]">
         <td><a href="editflagtypes.cgi?action=edit&amp;id=[% type.id %]">[% type.name FILTER html %]</a></td>
         <td>[% type.description FILTER html %]</td>
         <td>

template/en/default/attachment/list.html.tmpl

@@ -53,13 +53,13 @@
           [% IF attachment.flags.size == 0 %]
             <i>none</i>
           [% ELSE %]
-            [% FOR flag = attachment.flags %]
+            [% FOREACH flag = attachment.flags %]
                 [% IF flag.setter %]
                   [% flag.setter.nick FILTER html %]:
                 [% END %]
-                [%+ flag.type.name %][% flag.status %]
+                [%+ flag.type.name FILTER html %][% flag.status %]
                 [%+ IF flag.status == "?" && flag.requestee %]
-                  ([% flag.requestee.nick %])
+                  ([% flag.requestee.nick FILTER html %])
                 [% END %]<br>
             [% END %]
           [% END %]

template/en/default/bug/activity/table.html.tmpl

@@ -60,7 +60,7 @@
     [% FOREACH operation = operations %]
       <tr>
         <td rowspan="[% operation.changes.size %]" valign="top">
-          [% operation.who %]
+          [% operation.who FILTER html %]
         </td>
         <td rowspan="[% operation.changes.size %]" valign="top">
           [% operation.when FILTER time %]

template/en/default/bug/create/create-guided.html.tmpl

@@ -224,7 +224,8 @@ function PutDescription() {
         The area where the problem occurs.
         To pick the right component, you could use the same one as
         similar [% terms.bugs %] you found in your search, or read the full list of
-        <a href="describecomponents.cgi?product=[% product %]">component
+        <a href="describecomponents.cgi?product=
+            [% product FILTER url_quote %]">component
         descriptions</a> if you need more help.
       </p>
 

template/en/default/bug/create/create.html.tmpl

@@ -171,7 +171,8 @@ function set_assign_to() {
     <td colspan="2"></td>
   </tr>
 [% ELSE %]
-  <input type="hidden" name="bug_status" value="[% default.bug_status %]">
+  <input type="hidden" name="bug_status" 
+         value="[% default.bug_status FILTER html %]">
 [% END %]
 
   <tr>

template/en/default/bug/dependency-tree.html.tmpl

@@ -32,8 +32,14 @@
 [% PROCESS depthControlToolbar %]
 
 [%# Display the tree of bugs that this bug depends on. %]
-<h3>[% hide_resolved ? "Open $terms.bugs" : "$terms.Bugs" %]
- that <a href="show_bug.cgi?id=[% bugid %]">[% terms.bug %]&nbsp;[% bugid %]</a> depends on</h3>
+<h3>
+  [% IF hide_resolved %]
+    Open [% terms.bugs %]
+  [% ELSE %]
+    [% terms.Bugs %]
+  [% END %] 
+  that <a href="show_bug.cgi?id=[% bugid %]">[% terms.bug %]&nbsp;[% bugid %]</a> 
+  depends on</h3>
 [% IF dependson_ids.size > 0 %]
   (
   [% IF maxdepth -%]Up to [% maxdepth %] level[% "s" IF maxdepth > 1 %] deep | [% END %]
@@ -48,8 +54,14 @@
 [% END %]
 
 [%# Display the tree of bugs that this bug blocks. %]
-<h3>[% hide_resolved ? "Open $terms.bugs" : "$terms.Bugs" %]
- that <a href="show_bug.cgi?id=[% bugid %]">[% terms.bug %]&nbsp;[% bugid %]</a> blocks</h3>
+<h3>
+  [% IF hide_resolved %]
+    Open [% terms.bugs %]
+  [% ELSE %]
+    [% terms.Bugs %]
+  [% END %] 
+  that <a href="show_bug.cgi?id=[% bugid %]">[% terms.bug %]&nbsp;[% bugid %]</a> 
+  blocks</h3>
 [% IF blocked_ids.size > 0 %]
   (
   [% IF maxdepth -%]Up to [% maxdepth %] level[% "s" IF maxdepth > 1 %] deep | [% END %]
@@ -112,7 +124,8 @@
        <input name="maxdepth" type="hidden" value="[% maxdepth %]">
      [% END %]
      <input type="hidden" name="hide_resolved" value="[% hide_resolved ? 0 : 1 %]">
-     <input type="submit" value="[% hide_resolved ? "Show" : "Hide" %] Resolved">
+     <input type="submit" 
+            value="[% IF hide_resolved %]Show[% ELSE %]Hide[% END %] Resolved">
    </form>
    </td>
 
@@ -128,9 +141,8 @@
    <form method="get" action="showdependencytree.cgi"
          style="display: inline; margin: 0px;">
      [%# set to one form %]
-     <input type="submit" value="&nbsp;1&nbsp;" [%
-         realdepth < 2 || maxdepth == 1 ? "disabled" : ""
-     %]>
+     <input type="submit" value="&nbsp;1&nbsp;" 
+       [% "disabled" IF realdepth < 2 || maxdepth == 1 %]>
      <input name="id" type="hidden" value="[% bugid %]">
      <input name="maxdepth" type="hidden" value="1">
      <input name="hide_resolved" type="hidden" value="[% hide_resolved %]">
@@ -148,9 +160,8 @@
                        : ( maxdepth ? maxdepth - 1 : realdepth - 1 )
      %]">
      <input name="hide_resolved" type="hidden" value="[% hide_resolved %]">
-     <input type="submit" value="&nbsp;&lt;&nbsp;" [%
-        realdepth < 2 || ( maxdepth && maxdepth < 2 ) ? "disabled" : ""
-     %]>
+     <input type="submit" value="&nbsp;&lt;&nbsp;" 
+       [% "disabled" IF realdepth < 2 || ( maxdepth && maxdepth < 2 ) %]>
    </form>
    </td>
 
@@ -165,7 +176,7 @@
      <input name="id" type="hidden" value="[% bugid %]">
      <input name="hide_resolved" type="hidden" value="[% hide_resolved %]">
      <noscript>
-       <input type="submit" value="Change" [% realdepth < 2 ? "disabled" : "" %]>
+       <input type="submit" value="Change" [% "disabled" IF realdepth < 2 %]>
      </noscript>
    </form>
    </td>
@@ -180,10 +191,9 @@
        <input name="maxdepth" type="hidden" value="[% maxdepth + 1 %]">
      [% END %]
      <input name="hide_resolved" type="hidden" value="[% hide_resolved %]">
-     <input type="submit" value="&nbsp;&gt;&nbsp;" [%
-            realdepth < 2 || ! maxdepth || maxdepth >= realdepth ?
-            "disabled" : ""
-     %]>
+     <input type="submit" value="&nbsp;&gt;&nbsp;" 
+        [% "disabled" IF realdepth < 2 || !maxdepth || maxdepth >= realdepth %]
+    %]>
    </form>
    </td>
 
@@ -194,7 +204,7 @@
      <input name="id" type="hidden" value="[% bugid %]">
      <input name="hide_resolved" type="hidden" value="[% hide_resolved %]">
      <input type="submit" value="&nbsp;Unlimited&nbsp;"
-       [% maxdepth == 0 || maxdepth == realdepth ? "disabled" : "" %]>
+       [% "disabled" IF maxdepth == 0 || maxdepth == realdepth %]>
    </form>
    </td>
  </tr>

template/en/default/bug/process/bugmail.html.tmpl

@@ -61,10 +61,10 @@
 [%############################################################################%]
 
 [% BLOCK emails %]
-  <b>[% description %]:</b>
+  <b>[% description FILTER html %]:</b>
   [% IF names.size > 0 %]
     [%+ FOREACH name = names %]
-      [% name %][% ", " UNLESS loop.last() %]
+      [% name FILTER html %][% ", " UNLESS loop.last() %]
     [% END %]
   [% ELSE %]
     no one

template/en/default/bug/process/verify-new-product.html.tmpl

@@ -48,11 +48,13 @@
 
   <p>
   [% IF use_target_milestone %]
-    You are moving the [% terms.bug %](s) to the product <b>[% form.product %]</b>,
+    You are moving the [% terms.bug %](s) to the product 
+    <b>[% form.product FILTER html %]</b>,
     and the version, component, and/or target milestone fields are no longer
     correct.  Please set the correct version, component, and target milestone now:
   [% ELSE %]
-    You are moving the [% terms.bug %](s) to the product <b>[% form.product %]</b>,
+    You are moving the [% terms.bug %](s) to the product 
+    <b>[% form.product FILTER html %]</b>,
     and the version and component fields are no longer correct.
     Please set the correct version and component now:
   [% END %]

template/en/default/bug/show-multiple.html.tmpl

@@ -97,7 +97,7 @@
     <tr>
       <td colspan="2">
         <b>Component:</b>&nbsp;
-        [% bug.component %]
+        [% bug.component FILTER html %]
       </td>
 
       <td colspan="2">
@@ -190,7 +190,7 @@
 
 [% BLOCK cell %]
   <td>
-    <b>[% attr.description%]:</b>&nbsp;
+    <b>[% attr.description FILTER html %]:</b>&nbsp;
     [% bug.${attr.name} FILTER html %]
   </td>
 [% END %]

template/en/default/bug/votes/list-for-user.html.tmpl

@@ -21,9 +21,9 @@
 
 [% PROCESS global/variables.none.tmpl %]
 
+[% h2 = voting_user.login FILTER html %]
 [% PROCESS global/header.html.tmpl
            title = "Show Votes"
-           h2 = voting_user.name
  %]
 
 [% canedit = 1 IF voting_user.login == user.login %]

template/en/default/filterexceptions.pl

@@ -33,17 +33,7 @@
 # Safe vmethods                   - [% foo.size %]
 # TT loop variables               - [% loop.count %]
 # Already-filtered stuff          - [% wibble FILTER html %]
-#   where the filter is one of html|csv|js|url_quote|quoteUrls|time|uri|xml
-
-# Key:
-#
-# "#": directive should be filtered, but not doing so is not a security hole
-# The plan is to come back and add filtering for all those marked "#" after
-# the security release.
-#
-# "# Email": as above; but noting that it's an email address.
-# Other sorts of comments denote cleanups noticed while doing this work;
-# they should be fixed in the very short term.
+#   where the filter is one of html|csv|js|url_quote|quoteUrls|time|uri|xml|none
 
 %::safe = (
 
@@ -80,19 +70,6 @@
   'field.accesskey',
   'sel.name',
   'sel.accesskey',
-  'button_name', #
-],
-
-'search/knob.html.tmpl' => [
-  'button_name', #
-],
-
-'search/search-report-graph.html.tmpl' => [
-  'button_name', #
-],
-
-'search/search-report-table.html.tmpl' => [
-  'button_name', #
 ],
 
 'search/search-specific.html.tmpl' => [
@@ -115,19 +92,11 @@
 'reports/components.html.tmpl' => [
   'numcols',
   'comp.description', 
-  'comp.initialowner', # email address
-  'comp.initialqacontact', # email address
-],
-
-'reports/duplicates-simple.html.tmpl' => [
-  'title', #
 ],
 
 'reports/duplicates-table.html.tmpl' => [
   '"&maxrows=$maxrows" IF maxrows',
   '"&changedsince=$changedsince" IF changedsince',
-  '"&product=$product" IF product', #
-  '"&format=$format" IF format', #
   '"&bug_id=$bug_ids_string&sortvisible=1" IF sortvisible',
   'column.name', 
   'column.description',
@@ -135,10 +104,6 @@
   'bug.id', 
   'bug.count', 
   'bug.delta', 
-  'bug.component', #
-  'bug.bug_severity', #
-  'bug.op_sys', #
-  'bug.target_milestone', #
 ],
 
 'reports/duplicates.html.tmpl' => [
@@ -154,11 +119,9 @@
 ],
 
 'reports/report-table.csv.tmpl' => [
-  '"$tbl_field_disp: $tbl\n" IF tbl_field', #
-  'row_field_disp IF row_field', #
-  'col_field_disp', #
   'num_bugs',
   'data.$tbl.$col.$row',
+  'title',
   '', # This is not a bug in the filter exceptions - this template has an 
       # empty directive which is necessary for it to work properly.
 ],
@@ -168,7 +131,6 @@
   '"&$tbl_vals" IF tbl_vals', 
   '"&$col_vals" IF col_vals', 
   '"&$row_vals" IF row_vals', 
-  'tbl_disp', # 
   'classes.$row_idx.$col_idx', 
   'urlbase', 
   'data.$tbl.$col.$row', 
@@ -178,16 +140,12 @@
 ],
 
 'reports/report.html.tmpl' => [
-  'tbl_field_disp IF tbl_field', #
-  'row_field_disp IF row_field', #
-  'col_field_disp', #
   'imagebase', 
   'width', 
   'height', 
   'imageurl', 
   'formaturl', 
   'other_format.name', 
-  'other_format.description', #
   'sizeurl', 
   'switchbase',
   'format',
@@ -233,7 +191,6 @@
 
 'list/change-columns.html.tmpl' => [
   'column', 
-  'field_descs.${column} || column', #
 ],
 
 'list/edit-multiple.html.tmpl' => [
@@ -250,7 +207,6 @@
 
 'list/list.html.tmpl' => [
   'buglist', 
-  'bugowners', # email address
 ],
 
 'list/list.rdf.tmpl' => [
@@ -260,7 +216,6 @@
 ],
 
 'list/table.html.tmpl' => [
-  'abbrev.$id.title || field_descs.$id || column.title', #
   'tableheader',
   'bug.bug_id', 
 ],
@@ -287,19 +242,12 @@
   'proddesc.$p', 
 ],
 
+# You are not permitted to add any values here. Everything in this file should 
+# be filtered unless there's an extremely good reason why not, in which case,
+# use the "none" dummy filter.
 'global/code-error.html.tmpl' => [
-  'parameters', 
-  'bug.bug_id',
-  'field', 
-  'argument', #
-  'function', #
-  'bug_id', # Need to remove unused error no_bug_data
-  'variables.id', 
-  'template_error_msg', # Should move filtering from CGI.pl to template
-  'error', 
-  'error_message', 
 ],
-
+ 
 'global/header.html.tmpl' => [
   'javascript', 
   'style', 
@@ -313,49 +261,27 @@
 ],
 
 'global/messages.html.tmpl' => [
-  'parameters',
-  '# ---', # Work out what this is
-  'namedcmd', #
-  'old_email', # email address
-  'new_email', # email address
   'message_tag', 
   'series.frequency * 2',
 ],
 
 'global/select-menu.html.tmpl' => [
   'options', 
-  'onchange', # Again, need to be certain where we are filtering
   'size', 
 ],
 
 'global/useful-links.html.tmpl' => [
   'email', 
-  'user.login', # Email address
 ],
 
-# Need to change this and code-error to use a no-op filter, for safety
+# You are not permitted to add any values here. Everything in this file should 
+# be filtered unless there's an extremely good reason why not, in which case,
+# use the "none" dummy filter.
 'global/user-error.html.tmpl' => [
-  'disabled_reason', 
-  'bug_link', 
-  'action', # 
-  'bug_id', 
-  'both', 
-  'filesize', 
-  'attach_id', 
-  'field', 
-  'field_descs.$field', 
-  'today', 
-  'product', #
-  'max', 
-  'votes', 
-  'error_message', 
 ],
 
 'global/confirm-user-match.html.tmpl' => [
-  '# use the global field descs', # Need to fix commenting style here
   'script',
-  '# this is messy to allow later expansion',
-  '# ELSIF for things that don\'t belong in the field_descs hash here',
   'fields.${field_name}.flag_type.name',
 ],
 
@@ -381,22 +307,16 @@
 ],
 
 'bug/dependency-tree.html.tmpl' => [
-  'hide_resolved ? "Open $terms.bugs" : "$terms.Bugs"',
   'bugid', 
   'maxdepth', 
   'dependson_ids.join(",")', 
   'blocked_ids.join(",")', 
   'dep_id', 
   'hide_resolved', 
-  'realdepth < 2 ? "disabled" : ""', 
   'maxdepth + 1', 
-  'maxdepth == 0 || maxdepth == realdepth ? "disabled" : ""', 
-  'realdepth < 2 || ( maxdepth && maxdepth < 2 ) ? "disabled" : ""',
   'maxdepth > 0 && maxdepth <= realdepth ? maxdepth : ""',
   'maxdepth == 1 ? 1
                        : ( maxdepth ? maxdepth - 1 : realdepth - 1 )',
-  'realdepth < 2 || ! maxdepth || maxdepth >= realdepth ?
-            "disabled" : ""',
 ],
 
 'bug/edit.html.tmpl' => [
@@ -425,8 +345,6 @@
 
 'bug/show-multiple.html.tmpl' => [
   'bug.bug_id', 
-  'bug.component', #
-  'attr.description', #
 ],
 
 'bug/show.xml.tmpl' => [
@@ -454,7 +372,6 @@
   'product.total', 
   'product.maxvotes', 
 ],
-# h2 = voting_user.name # Email
 
 'bug/process/confirm-duplicate.html.tmpl' => [
   'original_bug_id', 
@@ -474,21 +391,11 @@
   'id', 
 ],
 
-'bug/process/verify-new-product.html.tmpl' => [
-  'form.product', # 
-],
-
-'bug/process/bugmail.html.tmpl' => [
-  'description', 
-  'name', # Email 
-],
-
 'bug/create/comment.txt.tmpl' => [
   'form.comment', 
 ],
 
 'bug/create/create.html.tmpl' => [
-  'default.bug_status', #
   'g.bit',
   'g.description',
   'sel.name',
@@ -498,7 +405,6 @@
 'bug/create/create-guided.html.tmpl' => [
   'matches.0', 
   'tablecolour',
-  'product', #
   'buildid',
   'sel', 
 ],
@@ -508,7 +414,6 @@
 ],
 
 'bug/activity/table.html.tmpl' => [
-  'operation.who', # Email
   'change.attachid', 
   'change.field', 
 ],
@@ -532,10 +437,7 @@
 
 'attachment/list.html.tmpl' => [
   'attachment.attachid', 
-  'FOR flag = attachment.flags', # Bug? No FOR directive
-  'flag.type.name', 
   'flag.status',
-  'flag.requestee.nick', # Email
   'bugid',
 ],
 
@@ -585,7 +487,6 @@
 
 'admin/flag-type/confirm-delete.html.tmpl' => [
   'flag_count', 
-  'name', #
   'flag_type.id', 
 ],
 
@@ -593,10 +494,7 @@
   'action', 
   'type.id', 
   'type.target_type', 
-  'category', #
-  'item', #
   'type.sortkey || 1',
-  '(last_action == "enter" || last_action == "copy") ? "Create" : "Save Changes"',
   'typeLabelLowerPlural',
   'typeLabelLowerSingular',
 ],
@@ -610,12 +508,7 @@
   'target', 
 ],
 
-'account/prefs/account.html.tmpl' => [
-  'login_change_date', #
-],
-
 'account/prefs/email.html.tmpl' => [
-  'watchedusers', # Email
   'role', 
   'reason.name', 
   'reason.description',
@@ -634,5 +527,3 @@
 ],
 
 );
-
-# Should filter reports/report.html.tmpl:130 $format

template/en/default/global/code-error.html.tmpl

@@ -28,6 +28,9 @@
 
 [%# This is a list of all the possible code errors. Please keep them in
   # alphabetical order by error tag, and leave a blank line between errors.
+  #
+  # Note that you must explicitly filter every single template variable
+  # in this file; if you do not wish to change it, use the "none" filter.
   #%]
 
 [% PROCESS global/variables.none.tmpl %]
@@ -35,14 +38,7 @@
 [% DEFAULT title = "Internal Error" %]
 
 [% error_message = BLOCK %]
-  [% IF    error == "aaa_example_error_tag" %]
-    [% title = "Example Error" %]
-    This is an example error. The title is set above. This text is the body
-    of the error. It can contain arbitrary <b>HTML</b>, and also references
-    to any [% parameters %] which you may have set before calling
-    ThrowCodeError.
-
-  [% ELSIF error == "action_unrecognized" %]
+  [% IF    error == "action_unrecognized" %]
     I don't recognize the value (<em>[% variables.action FILTER html %]</em>)
     of the <em>action</em> variable.
   
@@ -61,8 +57,8 @@
     An authorization handler return value was not handled by the login code.
 
   [% ELSIF error == "bug_error" %]
-    Trying to retrieve [% terms.bug %] [%+ bug.bug_id %] returned the error
-    [% bug.error FILTER html %]
+    Trying to retrieve [% terms.bug %] [%+ bug.bug_id FILTER html %] returned 
+    the error [% bug.error FILTER html %].
     
   [% ELSIF error == "chart_data_not_generated" %]
     The tool which gathers [% terms.bug %] counts has not been run yet.
@@ -82,7 +78,7 @@
     Run checksetup.pl for installation instructions.
 
   [% ELSIF error == "field_type_mismatch" %]
-    Cannot seem to handle <code>[% field %]</code>
+    Cannot seem to handle <code>[% field FILTER html %]</code>
     and <code>[% type FILTER html %]</code> together.
 
   [% ELSIF error == "gd_not_installed" %]
@@ -107,8 +103,8 @@
     '[% bit FILTER html %]'.
 
   [% ELSIF error == "bad_arg" %]
-    Bad argument <code>[% argument %]</code> sent to
-    <code>[% function %]</code> function.
+    Bad argument <code>[% argument FILTER html %]</code> sent to
+    <code>[% function FILTER html %]</code> function.
 
   [% ELSIF error == "invalid_attach_id_to_obsolete" %]
      The attachment number of one of the attachments you wanted to obsolete,
@@ -145,11 +141,8 @@
     but you tried to flag it as obsolete while creating a new attachment to 
     [% terms.bug %] [%+ my_bug_id FILTER html %].
         
-  [% ELSIF error == "no_bug_data" %]
-    No data when fetching [% terms.bug %] [%+ bug_id %].
-    
   [% ELSIF error == "flag_nonexistent" %]
-    There is no flag with ID #[% variables.id %].
+    There is no flag with ID #[% variables.id FILTER html %].
   
   [% ELSIF error == "flag_status_invalid" %]
     The flag status <em>[% variables.status FILTER html %]</em> is invalid.
@@ -166,7 +159,7 @@
     a positive integer.
 
   [% ELSIF error == "flag_type_nonexistent" %]
-    There is no flag type with the ID <em>[% variables.id %]</em>.
+    There is no flag type with the ID <em>[% variables.id FILTER html %]</em>.
   
   [% ELSIF error == "flag_type_product_nonexistent" %]
     The product <em>[% variables.product FILTER html %]</em> does not exist.
@@ -212,7 +205,7 @@
     Something is seriously wrong with the token generation system.
 
   [% ELSIF error == "template_error" %]
-    [% template_error_msg %]
+    [% template_error_msg FILTER html %]
 
   [% ELSIF error == "unable_to_retrieve_password" %]
      I was unable to retrieve your old password from the database.
@@ -238,9 +231,9 @@
   [% ELSE %]
     [%# Give sensible error if error functions are used incorrectly.
       #%]
-    You are using [% terms.Bugzilla %]'s ThrowCodeError() function incorrectly. You
-    passed in the string '[% error %]'. The correct use is to pass
-    in a tag, and define that tag in the file code-error.html.tmpl.<br>
+    You are using [% terms.Bugzilla %]'s ThrowCodeError() function incorrectly. 
+    You passed in the string '[% error FILTER html %]'. The correct use is to 
+    pass in a tag, and define that tag in the file code-error.html.tmpl.<br>
     <br>
     If you are a [% terms.Bugzilla %] end-user seeing this message, please save this
     page and send it to [% Param('maintainer') %].
@@ -267,7 +260,7 @@
   <tr>
     <td bgcolor="#ff0000">
       <font size="+2">
-        [% error_message %]
+        [% error_message FILTER none %]
       </font>
     </td>
   </tr>

template/en/default/global/confirm-user-match.html.tmpl

@@ -38,7 +38,7 @@
   #     self-referential URL
   #%]
 
-[% # use the global field descs %]
+[%# use the global field descs %]
 [% PROCESS "global/field-descs.none.tmpl" %]
 
 [% IF matchsuccess == 1 %]
@@ -74,7 +74,7 @@
       </td>
     </tr>
 
-  [% # this is messy to allow later expansion %]
+  [%# this is messy to allow later expansion %]
 
   [% FOREACH field = matches %]
     <tr>
@@ -173,7 +173,7 @@
   [% IF field_descs.${field_name} %]
     [%  field_descs.${field_name} FILTER html -%]
 
-  [%- # ELSIF for things that don't belong in the field_descs hash here -%]
+  [%-# ELSIF for things that don't belong in the field_descs hash here -%]
 
   [% ELSIF field_name.match("^requestee") %]
     [% fields.${field_name}.flag_type.name %] requestee

template/en/default/global/messages.html.tmpl

@@ -28,21 +28,15 @@
 [% message_tag = message %]
 
 [% message = BLOCK %]
-  [% IF    message_tag == "aaa_example_message_tag" %]
-    [% title = "Example Message" %]
-    This is an example message. The title is set above. This text is the body
-    of the message. It can contain arbitrary <b>HTML</b>, and also references
-    to any [% parameters %] which you may have set.
-
-  [% ELSIF message_tag == "buglist_adding_field" %]
+  [% IF    message_tag == "buglist_adding_field" %]
     [% title = "Adding field to query page..." %]
     [% link  = "Click here if the page does not redisplay automatically." %]
-    [% # --- %] 
 
   [% ELSIF message_tag == "buglist_load_named_query" %]
-    [% title = BLOCK %]Loading your query named [% namedcmd %][% END %]
+    [% title = BLOCK %]
+      Loading your query named [% namedcmd FILTER html %]
+    [% END %]
     [% link  = "Click here if the page does not redisplay automatically." %]
-    [% # --- %] 
 
   [% ELSIF message_tag == "buglist_updated_named_query" %]
     OK, your query named <code>[% queryname FILTER html %]</code> is updated.
@@ -81,8 +75,9 @@
   [% ELSIF message_tag == "email_change_cancelled_reinstated" %]
     [% title = "Cancel Request to Change Email Address" %]
     The request to change the email address for the
-    [% old_email %] account to [% new_email %] has been cancelled.
-    Your old account settings have been reinstated.
+    [% old_email FILTER html %] account to 
+    [% new_email FILTER html %] has been cancelled.
+   Your old account settings have been reinstated.
 
   [% ELSIF message_tag == "logged_out" %]
     [% title = "Logged Out" %]

template/en/default/global/select-menu.html.tmpl

@@ -44,7 +44,7 @@
 [% options_type = BLOCK %][% options %][% END %]
 
 <select name="[% name FILTER html %]" 
-        [% IF onchange %]onchange="[% onchange %]"[% END %]
+        [% IF onchange %]onchange="[% onchange FILTER html %]"[% END %]
         [% IF multiple %] multiple [% IF size %] size="[% size %]" [% END %] [% END %]>
   [% IF options_type.search("ARRAY") %]
     [% FOREACH value = options %]

template/en/default/global/useful-links.html.tmpl

@@ -73,7 +73,8 @@
         [% ' | <a href="sanitycheck.cgi">Sanity&nbsp;check</a>' 
                                                    IF user.groups.tweakparams %]
 
-        | <a href="relogin.cgi">Log&nbsp;out</a>&nbsp;[% user.login %]
+        | <a href="relogin.cgi">Log&nbsp;out</a>&nbsp;
+          [% user.login FILTER html %]
       </td>
     </tr> 
 

template/en/default/global/user-error.html.tmpl

@@ -27,6 +27,9 @@
 
 [%# This is a list of all the possible user errors. Please keep them in
   # alphabetical order by error tag, and leave a blank line between errors.
+  #
+  # Note that you must explicitly filter every single template variable
+  # in this file; if you do not wish to change it, use the "none" filter.
   #%]
 
 [% PROCESS global/variables.none.tmpl %]
@@ -44,7 +47,7 @@
 
   [% ELSIF error == "account_disabled" %]
     [% title = "Account Disabled" %]
-    [% disabled_reason %]
+    [% disabled_reason FILTER none %]
     <hr>
     If you believe your account should be restored, please
     send email to [% Param("maintainer") %] explaining why.
@@ -72,7 +75,7 @@
 
   [% ELSIF error == "alias_in_use" %]
     [% title = "Alias In Use" %]
-    [% bug_link %] has already taken the alias
+    [% bug_link FILTER none %] has already taken the alias 
     <em>[% alias FILTER html %]</em>.  Please choose another one.
 
   [% ELSIF error == "alias_is_numeric" %]
@@ -95,7 +98,7 @@
 
   [% ELSIF error == "authorization_failure" %]
     [% title = "Authorization Failed" %]
-    You are not allowed to [% action %].
+    You are not allowed to [% action FILTER html %].
 
   [% ELSIF error == "attachment_access_denied" %]
     [% title = "Access Denied" %]
@@ -103,13 +106,14 @@
 
   [% ELSIF error == "bug_access_denied" %]
     [% title = "Access Denied" %]
-    You are not authorized to access [% terms.bug %] #[% bug_id %].
+    You are not authorized to access [% terms.bug %] #[% bug_id FILTER html %].
 
   [% ELSIF error == "bug_access_query" %]
     [% title = "Access Denied" %]
-    You are not authorized to access [% terms.bug %] #[% bug_id %]. To see
-    this [% terms.bug %], you must
-    first <a href="show_bug.cgi?id=[% bug_id %]&amp;GoAheadAndLogIn=1">log
+    You are not authorized to access [% terms.bug %] #[% bug_id FILTER html %].
+    To see this [% terms.bug %], you must
+    first <a href="show_bug.cgi?id=
+                   [% bug_id FILTER url_quote %]&amp;GoAheadAndLogIn=1">log
     in to an account</a> with the appropriate permissions.
 
   [% ELSIF error == "buglist_parameters_required" %]
@@ -139,7 +143,7 @@
     [% title = "Dependency Loop Detected" %]
     The following [% terms.bug %](s) would appear on both the "depends on"
     and "blocks" parts of the dependency tree if these changes
-    are committed: [% both %]. This would create a circular
+    are committed: [% both FILTER none %]. This would create a circular
     dependency, which is not allowed.
 
   [% ELSIF error == "dependency_loop_single" %]
@@ -176,7 +180,8 @@
 
   [% ELSIF error == "file_too_large" %]
     [% title = "File Too Large" %]
-    The file you are trying to attach is [% filesize %] kilobytes (KB) in size.
+    The file you are trying to attach is [% filesize FILTER html %] 
+    kilobytes (KB) in size.
     Non-patch attachments cannot be more than [% Param('maxattachmentsize') %]
     KB.
     If your attachment is an image, try converting it to a compressable
@@ -187,8 +192,10 @@
     [% title = "Flag Requestee Not Authorized" %]
 
     You asked [% requestee.identity FILTER html %]
-    for <code>[% flag_type.name FILTER html %]</code> on [% terms.bug %] [% bug_id -%]
-    [% IF attach_id %], attachment [% attach_id %][% END %], but that [% terms.bug %]&bnsp;
+    for <code>[% flag_type.name FILTER html %]</code> on [% terms.bug %] 
+    [% bug_id FILTER html -%]
+    [% IF attach_id %], attachment [% attach_id FILTER html %][% END %], 
+    but that [% terms.bug %]&bnsp;
     has been restricted to users in certain groups, and the user you asked
     isn't in all the groups to which the [% terms.bug %] has been restricted.
     Please choose someone else to ask, or make the [% terms.bug %] accessible to users
@@ -198,8 +205,10 @@
     [% title = "Flag Requestee Not Authorized" %]
 
     You asked [% requestee.identity FILTER html %]
-    for <code>[% flag_type.name FILTER html %]</code> on [% terms.bug %]&nbsp;[% bug_id %],
-    attachment [% attach_id %], but that attachment is restricted to users
+    for <code>[% flag_type.name FILTER html %]</code> on 
+    [% terms.bug %]&nbsp;[% bug_id FILTER html %],
+    attachment [% attach_id FILTER html %], but that attachment is restricted 
+    to users
     in the [% Param("insidergroup") FILTER html %] group, and the user
     you asked isn't in that group.  Please choose someone else to ask,
     or ask an administrator to add the user to the group.
@@ -233,11 +242,12 @@
     
   [% ELSIF error == "illegal_attachment_edit" %]
     [% title = "Unauthorised Action" %]
-    You are not authorised to edit attachment [% attach_id %].
+    You are not authorised to edit attachment [% attach_id FILTER html %].
 
   [% ELSIF error == "illegal_attachment_edit_bug" %]
     [% title = "Unauthorised Action" %]
-    You are not authorised to edit attachments on [% terms.bug %] [%+ bug_id %].
+    You are not authorised to edit attachments on [% terms.bug %] 
+    [%+ bug_id FILTER html %].
          
   [% ELSIF error == "illegal_attachment_is_patch" %]
     [% title = "Your Query Makes No Sense" %]
@@ -246,7 +256,8 @@
          
   [% ELSIF error == "illegal_change" %]
     [% title = "Not allowed" %]
-    You tried to change the <strong>[% field %]</strong> field 
+    You tried to change the 
+    <strong>[% field_descs.$field FILTER html %]</strong> field 
     from <em>[% oldvalue FILTER html %]</em> to 
     <em>[% newvalue FILTER html %]</em>, 
     but only the owner or submitter of the [% terms.bug %], or a 
@@ -320,7 +331,7 @@
 
   [% ELSIF error == "invalid_bug_id_non_existent" %]
     [% title = BLOCK %]Invalid [% terms.Bug %] ID[% END %]
-    [% terms.Bug %] #[% bug_id %] does not exist.
+    [% terms.Bug %] #[% bug_id FILTER html %] does not exist.
     
   [% ELSIF error == "invalid_bug_id_or_alias" %]
     [% title = BLOCK %]Invalid [% terms.Bug %] ID[% END %]
@@ -383,7 +394,8 @@
 
   [% ELSIF error == "milestone_required" %]
     [% title = "Milestone Required" %]
-    You must determine a target milestone for [% terms.bug %] [%+ bug_id %]
+    You must determine a target milestone for [% terms.bug %] 
+    [%+ bug_id FILTER html %]
     if you are going to accept it.  Part of accepting 
     [% terms.abug %] is giving an estimate of when it will be fixed.
 
@@ -459,7 +471,8 @@
 
   [% ELSIF error == "need_positive_number" %]
     [% title = "Positive Number Required" %]
-    The <em>[% field_descs.$field %]</em> field requires a positive number.
+    The <em>[% field_descs.$field FILTER html %]</em> field requires a positive
+    number.
 
   [% ELSIF error == "need_product" %]
     [% title = "Product Required" %]
@@ -499,7 +512,8 @@
 
   [% ELSIF error == "no_dupe_stats" %]
     [% title = "Cannot Find Duplicate Statistics" %]
-    There are no duplicate statistics for today ([% today %]) or yesterday.
+    There are no duplicate statistics for today ([% today FILTER html %]) 
+    or yesterday.
 
   [% ELSIF error == "no_dupe_stats_error_today" %]
     [% title = "Error Reading Today's Dupes File" %]
@@ -513,7 +527,8 @@
 
   [% ELSIF error == "no_dupe_stats_error_yesterday" %]
     [% title = "Error Reading Yesterday's Dupes File" %]
-    There are no duplicate statistics for today ([% today %]), and an error
+    There are no duplicate statistics for today ([% today FILTER html %]), 
+    and an error
     occurred opening yesterday's dupes file: [% error_msg FILTER html %].
 
   [% ELSIF error == "no_html_in_quips" %]
@@ -558,7 +573,8 @@
 
   [% ELSIF error == "patch_too_large" %]
     [% title = "File Too Large" %]
-    The file you are trying to attach is [% filesize %] kilobytes (KB) in size.
+    The file you are trying to attach is [% filesize FILTER html %] 
+    kilobytes (KB) in size.
     Patches cannot be more than [% Param('maxpatchsize') %] KB in size.
     Try breaking your patch into several pieces.
 
@@ -568,7 +584,8 @@
 
   [% ELSIF error == "product_edit_denied" %]
     [% title = "Product Edit Access Denied" %]
-    You are not permitted to edit [% terms.bugs %] in product [% product %].
+    You are not permitted to edit [% terms.bugs %] in product 
+    [% product FILTER html %].
 
   [% ELSIF error == "query_name_missing" %]
     [% title = "No Query Name Specified" %]
@@ -620,15 +637,17 @@
 
   [% ELSIF error == "too_many_votes_for_bug" %]
     [% title = "Illegal Vote" %]
-    You may only use at most [% max %] votes for a single [% terms.bug %] in the
+    You may only use at most [% max FILTER html %] votes for a single 
+    [%+ terms.bug %] in the
     <tt>[% prod FILTER html %]</tt> product, but you are trying to use
-    [% votes %].
+    [% votes FILTER html %].
 
   [% ELSIF error == "too_many_votes_for_product" %]
     [% title = "Illegal Vote" %]
-    You may only use at most [% max %] votes for [% terms.bugs %] in the
+    You may only use at most [% max FILTER html %] votes for [% terms.bugs %] 
+    in the
     <tt>[% prod FILTER html %]</tt> product, but you are trying to use
-    [% votes %].
+    [% votes FILTER html %].
 
   [% ELSIF error == "token_inexistent" %]
     [% title = "Token Does Not Exist" %]
@@ -662,7 +681,8 @@
 
   [% ELSIF error == "value_out_of_range" %]
     [% title = "Value Out Of Range" %]
-    Value is out of range for field <em>[% field_descs.$field %]</em>.
+    Value is out of range for field 
+    <em>[% field_descs.$field FILTER html %]</em>.
 
   [% ELSIF error == "zero_length_file" %]
     [% title = "File Is Empty" %]
@@ -684,7 +704,7 @@
   <tr>
     <td bgcolor="#ff0000">
       <font size="+2">
-        [% error_message %]
+        [% error_message FILTER none %]
       </font>
     </td>
   </tr>

template/en/default/list/change-columns.html.tmpl

@@ -42,7 +42,9 @@
   [% FOREACH column = masterlist %]
     <input type="checkbox" id="[% column %]" name="column_[% column %]"
       [% "checked='checked'" IF lsearch(collist, column) != -1 %]>
-    <label for="[% column %]">[% field_descs.${column} || column %]</label>
+    <label for="[% column %]">
+      [% (field_descs.${column} || column) FILTER html %]
+    </label>
     <br>
   [% END %]
 

template/en/default/list/list.html.tmpl

@@ -149,7 +149,9 @@
     [% END %]
 
     [% IF bugowners %]
-      <a href="mailto:[% bugowners %]">Send Mail to [% terms.Bug %] Owners</a> &nbsp;&nbsp;
+      <a href="mailto:[% bugowners FILTER html %]">Send 
+      Mail to [% terms.Bug %] Owners</a> 
+      &nbsp;&nbsp;
     [% END %]
 
     <a href="query.cgi?

template/en/default/reports/components.html.tmpl

@@ -79,13 +79,15 @@
       <a name="[% comp.name FILTER html %]">[% comp.name FILTER html %]</a>
     </td>
     <td>
-      <a href="mailto:[% comp.initialowner %][% Param('emailsuffix') %]">
+      <a href="mailto:[% comp.initialowner FILTER html %]
+                      [% Param('emailsuffix') %]">
       [% comp.initialowner FILTER html %]</a>
     </td>
     [% IF Param("useqacontact") %]
       <td>
-        <a href="mailto:[% comp.initialqacontact %][% Param('emailsuffix') %]">
-        [% comp.initialqacontact %]</a>
+        <a href="mailto:[% comp.initialqacontact FILTER html %]
+                        [% Param('emailsuffix') %]">
+        [% comp.initialqacontact FILTER html %]</a>
       </td>
     [% END %]
   </tr>

template/en/default/reports/duplicates-simple.html.tmpl

@@ -34,7 +34,7 @@
   [% END%]
 
   <head>
-    <title>[% title %]</title>
+    <title>[% title FILTER html %]</title>
   </head>
 
   <body>

template/en/default/reports/duplicates-table.html.tmpl

@@ -70,17 +70,18 @@
               [% bug_ids_string = bug_ids.join(',') %]
               <a href="duplicates.cgi?sortby=[% column.name %]
                 [% IF sortby == column.name %]
-                  [% "&reverse=1" IF NOT reverse %]
+                  [% "&amp;reverse=1" IF NOT reverse %]
                 [% ELSE %]
                   [%-# Some columns start off reversed %]
-                  [% "&reverse=1" IF column.name.match('delta|count') %]
+                  [% "&amp;reverse=1" IF column.name.match('delta|count') %]
                 [% END %]
-                [% "&maxrows=$maxrows" IF maxrows %]
-                [% "&changedsince=$changedsince" IF changedsince %]
-                [% "&openonly=1" IF openonly %]
-                [% "&product=$product" IF product %]
-                [% "&format=$format" IF format %]
-                [% "&bug_id=$bug_ids_string&sortvisible=1" IF sortvisible %]">
+                [% "&amp;maxrows=$maxrows" IF maxrows %]
+                [% "&amp;changedsince=$changedsince" IF changedsince %]
+                [% "&amp;openonly=1" IF openonly %]
+                [% IF product %]&amp;product=[% product FILTER html %][% END %]
+                [% IF format %]&amp;format=[% format FILTER html %][% END %]
+                [% "&amp;bug_id=$bug_ids_string&amp;sortvisible=1" 
+                                                            IF sortvisible %]">
                 [% column.description %]</a>
             </b>
           </center>
@@ -135,10 +136,10 @@
         <td><center>[% bug.delta %]</center></td>
       [% END %]
 
-      <td>[% bug.component %]</td>
-      <td><center>[% bug.bug_severity %]</center></td>
-      <td><center>[% bug.op_sys %]</center></td>
-      <td><center>[% bug.target_milestone %]</center></td>
+      <td>[% bug.component FILTER html %]</td>
+      <td><center>[% bug.bug_severity FILTER html %]</center></td>
+      <td><center>[% bug.op_sys FILTER html %]</center></td>
+      <td><center>[% bug.target_milestone FILTER html %]</center></td>
       <td>[% bug.short_desc FILTER html %]</td>
     </tr>
   [% END %]

template/en/default/reports/report-table.csv.tmpl

@@ -29,13 +29,18 @@
 [% row_field_disp = field_descs.$row_field || row_field %]
 
 [% title = BLOCK %]
-  [% "$tbl_field_disp: $tbl\n" IF tbl_field %]
-  [% row_field_disp IF row_field %]
+  [% IF tbl_field %]
+    [% tbl_field_disp FILTER csv %]: [% tbl FILTER csv %]
+
+  [% END %]
+  [% IF row_field %]
+    [% row_field_disp FILTER csv %]
+  [% END %]
   [% " / " IF col_field AND row_field %]
-  [% col_field_disp %]
+  [% col_field_disp FILTER csv %]
 [% END %]
 
-[% title FILTER csv %],
+[% title %],
 [% IF col_field -%]
 [% FOREACH col = col_names -%]
   [% col FILTER csv -%],

template/en/default/reports/report-table.html.tmpl

@@ -50,7 +50,7 @@
       <td>
       </td>
       <td align="center">        
-        <h2>[% tbl_disp %]</h2>
+        <h2>[% tbl_disp FILTER html %]</h2>
       </td>
     </tr>
   [% END %]  

template/en/default/reports/report.html.tmpl

@@ -54,11 +54,15 @@
 
 [% title = BLOCK %]
   Report: 
-  [% tbl_field_disp IF tbl_field %]
+  [% IF tbl_field %]
+    [% tbl_field_disp FILTER html %]
+  [% END %]
   [% " / " IF tbl_field AND (col_field OR row_field) %]
-  [% row_field_disp IF row_field %]
+  [% IF row_field %]
+    [% row_field_disp FILTER html %]
+  [% END %]
   [% " / " IF col_field AND row_field %]
-  [% col_field_disp %]
+  [% col_field_disp FILTER html %]
 [% END %]
 
 [% PROCESS global/header.html.tmpl 
@@ -128,7 +132,7 @@
           [% UNLESS other_format.name == format %]
             <a href="[% formaturl %]&amp;format=[% other_format.name %]">
           [% END %]
-          [% other_format.description %]
+          [% other_format.description FILTER html %]
           [% "</a>" UNLESS other_format.name == format %] | 
         [% END %]
         <a href="[% formaturl %]&amp;ctype=csv&amp;format=table">CSV</a> 
@@ -139,7 +143,9 @@
           &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
         </td>
 
-        [% sizeurl = "report.cgi?$switchbase&amp;action=wrap&amp;format=$format" %]
+        [% sizeurl = BLOCK %]report.cgi?
+          [% switchbase %]&amp;action=wrap&amp;format=
+          [% format FILTER html %][% END %]
         <td align="center">
           <a href="[% sizeurl %]&amp;width=[% width %]&amp;height=
                    [% height + 100 %]">Taller</a><br>

template/en/default/search/form.html.tmpl

@@ -352,7 +352,7 @@ function selectProduct(f) {
              value="[% default.short_desc.0 FILTER html %]">
     </td>
     <td>
-      <input type="submit" value="[% button_name %]">
+      <input type="submit" value="[% button_name FILTER html %]">
     </td>
   </tr>
 

template/en/default/search/knob.html.tmpl

@@ -148,7 +148,7 @@
   [% END %]
   </select>
 
-  <input type="submit" value="[% button_name %]">
+  <input type="submit" value="[% button_name FILTER html %]">
 
   [% IF userdefaultquery %]
      <p>

template/en/default/search/search-report-graph.html.tmpl

@@ -107,7 +107,7 @@
 [% PROCESS search/form.html.tmpl %]
 
 <br>
-<input type="submit" value="[% button_name %]">
+<input type="submit" value="[% button_name FILTER html %]">
 <input type="hidden" name="action" value="wrap">
 <hr>
 

template/en/default/search/search-report-table.html.tmpl

@@ -82,7 +82,7 @@
 [% PROCESS search/form.html.tmpl %]
 
 <br>
-<input type="submit" value="[% button_name %]">
+<input type="submit" value="[% button_name FILTER html %]">
 <input type="hidden" name="format" value="table">
 <input type="hidden" name="action" value="wrap">
 <hr>