A whole bunch more escaping

templates/frontend/objects/monograph_full.tpl

@@ -21,10 +21,10 @@
  *}
 <div class="obj_monograph_full">
 	<h1 class="title">
-		{$monograph->getLocalizedFullTitle()}
+		{$monograph->getLocalizedFullTitle()|escape}
 	</h1>
 	<div class="authors">
-		{$publishedMonograph->getAuthorString()}
+		{$publishedMonograph->getAuthorString()|escape}
 	</div>
 
 	<a href="{url router=$smarty.const.ROUTE_COMPONENT component="submission.CoverHandler" op="cover" submissionId=$monograph->getId()}" class="cover">
@@ -47,7 +47,7 @@
 				</span>
 				<span class="value">
 					<a href="{url page="catalog" op="series" path=$series->getPath()}">
-						{$series->getLocalizedFullTitle()}
+						{$series->getLocalizedFullTitle()|escape}
 					</a>
 				</span>
 			</li>
@@ -94,15 +94,15 @@
 			{if $author->getIncludeInBrowse()}
 				<li>
 					<span class="name">
-						{$author->getFullName()}
+						{$author->getFullName()|escape}
 					</span>
 					<span class="role">
-						{$author->getLocalizedUserGroupName()}
+						{$author->getLocalizedUserGroupName()|escape}
 					</span>
 					{assign var=biography value=$author->getLocalizedBiography()|strip_unsafe_html}
 					{if $biography}
 						<span class="bio">
-							{$biography}
+							{$biography|strip_unsafe_html}
 						</span>
 					{/if}
 				</li>
@@ -118,14 +118,14 @@
 						{$chapter->getLocalizedTitle()}
 						{if $chapter->getLocalizedSubtitle() != ''}
 							<span class="subtitle">
-								{$chapter->getLocalizedSubtitle()}
+								{$chapter->getLocalizedSubtitle()|escape}
 							</span>
 						{/if}
 					</span>
 					{assign var=chapterAuthors value=$chapter->getAuthorNamesAsString()}
 					{if $publishedMonograph->getAuthorString() != $chapterAuthors}
 						<span class="authors">
-							{$chapterAuthors}
+							{$chapterAuthors|escape}
 						</span>
 					{/if}
 				</li>

templates/frontend/objects/monograph_summary.tpl

@@ -14,13 +14,8 @@
 	<a href="{url page="catalog" op="book" path=$monograph->getId()}" class="cover">
 		<img alt="{translate key="catalog.coverImageTitle" monographTitle=$monograph->getLocalizedFullTitle()|strip_tags|escape}" src="{url router=$smarty.const.ROUTE_COMPONENT component="submission.CoverHandler" op="thumbnail" submissionId=$monograph->getId() random=$monograph->getId()|uniqid}" />
 	</a>
-	{* {if $isFeatured}
-		<div class="featured">
-			Featured
-		</div>
-	{/if} *}
 	<a href="{url router=$smarty.const.ROUTE_PAGE page="catalog" op="book" path=$monograph->getId()}" class="title">
-		{$monograph->getLocalizedFullTitle()}
+		{$monograph->getLocalizedFullTitle()|escape}
 	</a>
 	<div class="author">
 		{$monograph->getAuthorString()|escape}

templates/frontend/objects/publicationFormat.tpl

@@ -21,7 +21,7 @@
 				{translate key="monograph.publicationFormat.productDimensions"}
 			</span>
 			<span class="value">
-				{$publicationFormat->getDimensions()}
+				{$publicationFormat->getDimensions()|escape}
 			</span>
 		</li>
 

templates/frontend/objects/spotlight.tpl

@@ -28,11 +28,11 @@
 
 	<div class="call_to_action">
 		<h3 class="title">
-			{$spotlight->getLocalizedTitle()|strip_unsafe_html}
+			{$spotlight->getLocalizedTitle()|escape}
 		</h3>
 		{if $description}
 		<div class="description">
-			{$description}
+			{$description|strip_unsafe_html}
 		</div>
 		{/if}
 		<a href="{$targetUrl}" title="{translate|escape key="common.readMoreWithTitle" title=$spotlight->getLocalizedTitle()}">

templates/frontend/pages/about.tpl

@@ -25,7 +25,7 @@
 
 	{if $description}
 	<div class="description">
-		{$description|nl2br}
+		{$description|nl2br|strip_unsafe_html}
 	</div>
 	{/if}
 
@@ -39,7 +39,7 @@
 
 		{if $contact.mailingAddress}
 			<div class="address">
-				{$contact.mailingAddress}
+				{$contact.mailingAddress|nl2br|strip_unsafe_html}
 			</div>
 		{/if}
 
@@ -132,7 +132,7 @@
 				{include file="frontend/components/editLink.tpl" page="management" op="settings" path="press" anchor="policies" sectionTitleKey="about.focusAndScope"}
 			</h2>
 			<div>
-				{$editorialPolicies.focusScopeDesc}
+				{$editorialPolicies.focusScopeDesc|strip_unsafe_html}
 			</div>
 		</div>
 	{/if}
@@ -143,7 +143,7 @@
 				{translate key="about.reviewPolicy"}
 				{include file="frontend/components/editLink.tpl" page="management" op="settings" path="press" anchor="policies" sectionTitleKey="about.reviewPolicy"}
 			</h2>
-			{$editorialPolicies.reviewPolicy|nl2br}
+			{$editorialPolicies.reviewPolicy|nl2br|strip_unsafe_html}
 		</div>
 	{/if}
 
@@ -153,7 +153,7 @@
 				{translate key="about.openAccessPolicy"}
 				{include file="frontend/components/editLink.tpl" page="management" op="settings" path="press" anchor="policies" sectionTitleKey="about.openAccessPolicy"}
 			</h2>
-			{$editorialPolicies.openAccessPolicy|nl2br}
+			{$editorialPolicies.openAccessPolicy|nl2br|strip_unsafe_html}
 		</div>
 	{/if}
 
@@ -164,7 +164,7 @@
 					{$customAboutItem.title|escape}
 					{include file="frontend/components/editLink.tpl" page="management" op="settings" path="press" anchor="policies" sectionTitle=$customAboutItem.title|escape}
 				</h2>
-				{$customAboutItem.content|nl2br}
+				{$customAboutItem.content|nl2br|strip_unsafe_html}
 			</div>
 		{/if}
 	{/foreach}

templates/frontend/pages/catalogCategory.tpl

@@ -38,7 +38,7 @@
 			</div>
 		{/if}
 		<div class="description">
-			{$description}
+			{$description|nl2br|strip_unsafe_html}
 		</div>
 	</div>
 
@@ -51,7 +51,7 @@
 			{iterate from=subcategories item=subcategory}
 				<li>
 					<a href="{url op="category" path=$subcategory->getPath()}">
-						{$subcategory->getLocalizedTitle()}
+						{$subcategory->getLocalizedTitle()|escape}
 					</a>
 				</li>
 			{/iterate}

templates/frontend/pages/catalogSeries.tpl

@@ -34,7 +34,7 @@
 			</div>
 		{/if}
 		<div class="description">
-			{$description}
+			{$description|nl2br|strip_unsafe_html}
 		</div>
 	</div>
 

templates/frontend/pages/submissions.tpl

@@ -35,7 +35,7 @@
 				{translate key="about.authorGuidelines"}
 				{include file="frontend/components/editLink.tpl" page="management" op="settings" path="press" anchor="guidelines" sectionTitleKey="about.authorGuidelines"}
 			</h2>
-			{$submissionInfo.authorGuidelines|nl2br}
+			{$submissionInfo.authorGuidelines|nl2br|strip_unsafe_html}
 		</div>
 	{/if}
 
@@ -49,7 +49,7 @@
 			<ul>
 				{foreach from=$submissionInfo.checklist item=checklistItem}
 					<li>
-						{$checklistItem.content|nl2br}
+						{$checklistItem.content|nl2br|strip_unsafe_html}
 					</li>
 				{/foreach}
 			</ul>
@@ -62,7 +62,7 @@
 				{translate key="about.copyrightNotice"}
 				{include file="frontend/components/editLink.tpl" page="management" op="settings" path="distribution" anchor="permissions" sectionTitleKey="about.copyrightNotice"}
 			</h2>
-			{$submissionInfo.copyrightNotice|nl2br}
+			{$submissionInfo.copyrightNotice|nl2br|strip_unsafe_html}
 		</div>
 	{/if}
 
@@ -72,7 +72,7 @@
 				{translate key="about.privacyStatement"}
 				{include file="frontend/components/editLink.tpl" page="management" op="settings" path="press" anchor="policies" sectionTitleKey="about.privacyStatement"}
 			</h2>
-			{$submissionInfo.privacyStatement|nl2br}
+			{$submissionInfo.privacyStatement|nl2br|strip_unsafe_html}
 		</div>
 	{/if}
 
@@ -82,7 +82,7 @@
 				{translate key="about.reviewPolicy"}
 				{include file="frontend/components/editLink.tpl" page="management" op="settings" path="press" anchor="policies" sectionTitleKey="about.reviewPolicy"}
 			</h2>
-			{$submissionInfo.reviewPolicy|nl2br}
+			{$submissionInfo.reviewPolicy|nl2br|strip_unsafe_html}
 		</div>
 	{/if}