From 73b2212573279098f7d247a4351150cc92e9cb0a Mon Sep 17 00:00:00 2001 From: Guillaume Rousse <guillaume.rousse@renater.fr> Date: Tue, 14 Nov 2017 11:53:50 +0100 Subject: [PATCH] sanitize HTML indentation --- templates/web/generate_token.tt2.html | 12 +- templates/web/index.tt2.html | 159 +++++++++++++------------- templates/web/validate_token.tt2.html | 109 ++++++++---------- 3 files changed, 131 insertions(+), 149 deletions(-) diff --git a/templates/web/generate_token.tt2.html b/templates/web/generate_token.tt2.html index b184ac2..5ff8f61 100644 --- a/templates/web/generate_token.tt2.html +++ b/templates/web/generate_token.tt2.html @@ -5,13 +5,9 @@ An email challenge including a validation token has been emailed to you at [% em <fieldset> <legend>Validation Token</legend> - <label for="authentication_token">Please provide the validation token here:</label> - -<input name="authentication_token" value="" id="authentication_token" type="text" class="required error"/> - -<input type="hidden" name="sp_entityid" value="[% sp_entityid %]" id="sp_entityid"/> -<input type="hidden" name="email_address" value="[% email_address %]" id="email_address"/> - - + <label for="authentication_token">Please provide the validation token here:</label> + <input name="authentication_token" value="" id="authentication_token" type="text" class="required error"/> + <input type="hidden" name="sp_entityid" value="[% sp_entityid %]" id="sp_entityid"/> + <input type="hidden" name="email_address" value="[% email_address %]" id="email_address"/> </fieldset> diff --git a/templates/web/index.tt2.html b/templates/web/index.tt2.html index f48653e..161613e 100644 --- a/templates/web/index.tt2.html +++ b/templates/web/index.tt2.html 
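Review bot: The two hidden inputs in the generate_token.tt2.html hunk interpolate `[% sp_entityid %]` and `[% email_address %]` straight into double-quoted `value` attributes, and Template Toolkit does not HTML-escape output unless a filter is applied. Both values look like they come from the submitted form, so a `"` in either would end the attribute early unless the controller already encodes them, which is not visible here. I would write `value="[% sp_entityid | html %]"` and `value="[% email_address | html %]"`. The same applies to `[% sp_entityid %]`, `[% account.comment() %]` and `[% account.$attribute %]` in the validate_token.tt2.html hunk.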
@@ -5,27 +5,27 @@ Content-Type: text/html html1/DTD/xhtml1-transitional.dtd"> <html xml:lang="[% iso639 = locale.match('^(.)(.)'); iso639.0; iso639.1 %]" xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta http-equiv="content-type" content="text/html; charset=utf-8" /> -<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes"> - -<link rel="icon" type="image/png" href="images/favicon.png" /> - -<!-- Foundation css --> -<link rel="stylesheet" type="text/css" href="foundation/css/normalize.css"> -<link rel="stylesheet" type="text/css" href="foundation/css/foundation.css"> - -<link href="jquery.steps.css" rel="stylesheet"> -<link rel="stylesheet" type="text/css" href="jquery-ui-1.11.1/jquery-ui.min.css" /> -<link rel="stylesheet" type="text/css" href="css/style.css" /> - -<script type="text/javascript" src="jquery-1.11.1.min.js"></script> -<script type="text/javascript" src="jquery-ui-1.11.1/jquery-ui.min.js"></script> -<script type="text/javascript" src="jquery.validate.1.13.0.min.js"></script> -<script type="text/javascript" src="jquery.cookie-1.4.1.min.js"></script> -<script type="text/javascript" src="jquery.steps.1.1.0.min.js"></script> - -<SCRIPT TYPE="text/javascript"> + <head> + <meta http-equiv="content-type" content="text/html; charset=utf-8" /> + <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes"> + + <link rel="icon" type="image/png" href="images/favicon.png" /> + + <!-- Foundation css --> + <link rel="stylesheet" type="text/css" href="foundation/css/normalize.css"> + <link rel="stylesheet" type="text/css" href="foundation/css/foundation.css"> + + <link href="jquery.steps.css" rel="stylesheet"> + <link rel="stylesheet" type="text/css" href="jquery-ui-1.11.1/jquery-ui.min.css" /> + <link rel="stylesheet" type="text/css" href="css/style.css" /> + + <script type="text/javascript" src="jquery-1.11.1.min.js"></script> + <script type="text/javascript" 
src="jquery-ui-1.11.1/jquery-ui.min.js"></script> + <script type="text/javascript" src="jquery.validate.1.13.0.min.js"></script> + <script type="text/javascript" src="jquery.cookie-1.4.1.min.js"></script> + <script type="text/javascript" src="jquery.steps.1.1.0.min.js"></script> + + <script TYPE="text/javascript"> <!-- // To confirm on a link (A HREF) 
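Review bot: The re-indented `<head>` still loads the bundled `jquery-1.11.1.min.js` and `jquery-ui-1.11.1/jquery-ui.min.js`, an old release line that, as far as I know, no longer receives security fixes; jQuery releases before 3.5.0 have publicly documented XSS issues in their HTML-manipulation helpers. An upgrade of the bundled copies is worth tracking separately, together with a compatibility check of the validate, cookie and steps plugins loaded after them. As a style point, `<script TYPE="text/javascript">` now mixes a lowercase element with an uppercase attribute; a plain `<script>` would do. The inline script body continues outside this hunk.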
@@ -182,71 +182,66 @@ jQuery(function($){ }); //--> -</SCRIPT> - - -<title>[% IF subtitle %][% title %] - [% subtitle %][% ELSE %][% title %][% END %]</title> - -</head> - -<body> -<header> - <ul> - <li class="logo align-left"><a href="[% conf.app_url %]" title="[% conf.app_name %] home page"><img alt="eduGAIN logo" width="200" src="images/edugain_logo.png "/></a></li> - <li> </li> - <li class="logo align-right"><a href="http://www.geant.net" title="Geant home page" target="_blank"><img alt="GEANT logo" width="100" src="images/geant_logo_rgb_300dpi.jpg"/></a></li> - </ul> - <div class="title"> - <span class=""><h1>[% IF subtitle %][% title %] - [% subtitle %][% ELSE %][% title %][% END %]</h1></span> - </div> -</header> - - -<div id="wrapper"> - - <!--<div id="bandeau"> - <div class="logo"> - <img alt="GEANT logo" width="150" src="geant_logo_rgb_300dpi.jpg"/> - </div> - </div>--> - - <div id="content"> - -[% IF errors %] -<div class="ui-widget"> -[% PROCESS 'web/errors.tt2.html' %] -</div> -[% ELSE %] - - -[% IF notifications %] -<div class="ui-widget"> -[% PROCESS 'web/notices.tt2.html' %] -</b></div> -[% END %] <!-- notifications --> - -[% PROCESS 'web/content.tt2.html' %] - -[% END %] <!-- IF errors --> - -<p> - - <div> - -<footer> - <span class="align-center">[% conf.app_name %] [% conf.version %] - <a href="mailto:[% conf.support_email %]">contact us</a></span> -</footer> - </div> - </div> -</div> +</script> + + <title>[% IF subtitle %][% title %] - [% subtitle %][% ELSE %][% title %][% END %]</title> + + </head> + + <body> + <header> + <ul> + <li class="logo align-left"><a href="[% conf.app_url %]" title="[% conf.app_name %] home page"><img alt="eduGAIN logo" width="200" src="images/edugain_logo.png "/></a></li> + <li> </li> + <li class="logo align-right"><a href="http://www.geant.net" title="Geant home page" target="_blank"><img alt="GEANT logo" width="100" src="images/geant_logo_rgb_300dpi.jpg"/></a></li> + </ul> + <div class="title"> + <span 
class=""><h1>[% IF subtitle %][% title %] - [% subtitle %][% ELSE %][% title %][% END %]</h1></span> + </div> + </header> + + <div id="wrapper"> + + <!--<div id="bandeau"> + <div class="logo"> + <img alt="GEANT logo" width="150" src="geant_logo_rgb_300dpi.jpg"/> + </div> + </div>--> + + <div id="content"> + + [% IF errors %] + <div class="ui-widget"> + [% PROCESS 'web/errors.tt2.html' %] + </div> + [% ELSE %] + [% IF notifications %] + <div class="ui-widget"> + [% PROCESS 'web/notices.tt2.html' %] + </b> + </div> + [% END %] <!-- notifications --> + + [% PROCESS 'web/content.tt2.html' %] + + [% END %] <!-- IF errors --> + + <p> + + <div> + <footer> + <span class="align-center">[% conf.app_name %] [% conf.version %] - <a href="mailto:[% conf.support_email %]">contact us</a></span> + </footer> + </div> + </div> + </div> <script src="foundation/js/foundation.min.js"></script> - <script src="foundation/js/foundation/foundation.tooltip.js"></script> + <script src="foundation/js/foundation/foundation.tooltip.js"></script> <script> $(document).foundation(); </script> - -</div> -</body> + </div> + </body> </html> diff --git a/templates/web/validate_token.tt2.html b/templates/web/validate_token.tt2.html index 36ca149..2582260 100644 --- a/templates/web/validate_token.tt2.html +++ b/templates/web/validate_token.tt2.html 
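Review bot: The GEANT logo link `<a href="http://www.geant.net" ... target="_blank">` opens a new browsing context without `rel="noopener noreferrer"` and points at a plain-HTTP URL. I would make it `<a href="https://www.geant.net" title="Geant home page" target="_blank" rel="noopener noreferrer">`, assuming the site serves HTTPS. The re-indented body also keeps a stray `</b>` inside the notifications block and an unclosed `<p>` before the footer wrapper. The `</div>` after the Foundation scripts appears to have no matching opener either, so the markup is still not well-formed after the tidy-up.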
@@ -1,78 +1,69 @@ <div class="row"> -<h2>Test Accounts</h2> -<div class="alert-box success radius"> -<strong>Success:</strong> Your identity as administrator of the Service Provider with entityID <strong>[% sp_entityid %]</strong> could successfully be validated! -</div> - -<h3>The following test accounts with different profiles were created for you:</h3> - - <p>You can now use these test accounts to login at your federated service.<br/> -<strong>To do so, select the "[% conf.idp_displayname %]" when choosing an organisation to login at.</strong></p> + <div class="alert-box success radius"> + <strong>Success:</strong> Your identity as administrator of the Service Provider with entityID <strong>[% sp_entityid %]</strong> could successfully be validated! + </div> + <h3>The following test accounts with different profiles were created for you:</h3> + <p>You can now use these test accounts to login at your federated service.<br/> + <strong>To do so, select the "[% conf.idp_displayname %]" when choosing an organisation to login at.</strong></p> </div> <div class="accounts_profile"> - [% FOREACH account IN accounts %] - <div class="tbl"> - <table> - <caption>Account profile: [% account.profile() %]</caption> - <tr> - <th>user name:</th><td> user[% account.id() %]</td> - </tr> - <tr> - <th>user password:</th><td>[% account.password() %]</td> - </tr> - <tr> - <td colspan="2"><strong>comment:</strong><div><p>[% account.comment() %]</p></div></td> - </tr> - <tr> - <td colspan=2 class="align-center" ><button data-reveal-id="account_details_[% account.id() %]" class="show_account_details" id="show_account_details_[% account.id() %]">show account details</button></td> - </tr> - </table> - </div> - <div class="accounts_profile reveal-modal" data-reveal id="account_details_[% account.id() %]"> <!-- old version : class="account_details"--> - <h3>List of user attributes associated</h3> - <p>Below is the list of user attributes associated to this test account. 
After a successfull authentication process these attributes are transmited - via the SAML protocol from [% conf.app_name %] Identity Provider to your Service Provider.</p> -<div> - <table> - <caption>List of user attributes</caption> - [% FOREACH attribute IN [ 'cn', 'displayName', 'givenName', 'sn', 'mail', 'schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonPrincipalName' ] -%] - <tr> - <th>[% attribute %]</th><td> [% account.$attribute %]</td> - </tr> - [% END %] - [% FOREACH attribute IN [ 'eduPersonAffiliation', 'eduPersonScopedAffiliation' ] -%] - <tr> - <th>[% attribute %]</th><td> [% account.$attribute.join(', ') %]</td> - </tr> - [% END %] - <tr><th>eduPersonTargetedID:</th><td><i>value dynamically generated by the SP</i></td></tr> - </table> - </div> - - <div class="alert-box info radius">If you need a customized test account with additional user attributes, you should contact <a href="mailto:[% conf.support_email %]">[% conf.support_email %]</a>.</div> - <div>(1) eduPersonAffiliation and eduPersonScoppedAffilisation attributes are assigned quite differently from federation to federation. <a href="http://tnc2010.terena.org/files/ePSA%20comparison%20v0%2006.ppt">This usage comparison of eduPersonAffiliation accross different countries</a> discusses these differences. Therefore its values should be handled with great care. 
</div> - - <a class="close-reveal-modal">×</a> + <div class="tbl"> + <table> + <caption>Account profile: [% account.profile() %]</caption> + <tr> + <th>user name:</th><td> user[% account.id() %]</td> + </tr> + <tr> + <th>user password:</th><td>[% account.password() %]</td> + </tr> + <tr> + <td colspan="2"><strong>comment:</strong><div><p>[% account.comment() %]</p></div></td> + </tr> + <tr> + <td colspan=2 class="align-center" ><button data-reveal-id="account_details_[% account.id() %]" class="show_account_details" id="show_account_details_[% account.id() %]">show account details</button></td> + </tr> + </table> + </div> + <div class="accounts_profile reveal-modal" data-reveal id="account_details_[% account.id() %]"> <!-- old version : class="account_details"--> + <h3>List of user attributes associated</h3> + <p>Below is the list of user attributes associated to this test account. After a successfull authentication process these attributes are transmited + via the SAML protocol from [% conf.app_name %] Identity Provider to your Service Provider.</p> + <div> + <table> + <caption>List of user attributes</caption> + [% FOREACH attribute IN [ 'cn', 'displayName', 'givenName', 'sn', 'mail', 'schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonPrincipalName' ] -%] + <tr> + <th>[% attribute %]</th><td> [% account.$attribute %]</td> + </tr> + [% END %] + [% FOREACH attribute IN [ 'eduPersonAffiliation', 'eduPersonScopedAffiliation' ] -%] + <tr> + <th>[% attribute %]</th><td> [% account.$attribute.join(', ') %]</td> + </tr> + [% END %] + <tr> + <th>eduPersonTargetedID:</th><td><i>value dynamically generated by the SP</i></td> + </tr> + </table> </div> - </dl> + <div class="alert-box info radius">If you need a customized test account with additional user attributes, you should contact <a href="mailto:[% conf.support_email %]">[% conf.support_email %]</a>.</div> + <div>(1) eduPersonAffiliation and eduPersonScoppedAffilisation attributes are assigned quite 
differently from federation to federation. <a href="http://tnc2010.terena.org/files/ePSA%20comparison%20v0%2006.ppt">This usage comparison of eduPersonAffiliation accross different countries</a> discusses these differences. Therefore its values should be handled with great care.</div> + <a class="close-reveal-modal">×</a> + </div> [% END %] - - </div> - <p><strong>Please keep a record of the above user names and passwords</strong> because currently there is no mecanism to retrieve the above credentials once you close this page. If you forget the username and passwords, you can however request new test accounts.</p> +<p><strong>Please keep a record of the above user names and passwords</strong> because currently there is no mecanism to retrieve the above credentials once you close this page. If you forget the username and passwords, you can however request new test accounts.</p> <div class="alert-box warning radius"> - <p>Note that these test accounts will automatically expire in [% conf.accounts_validity_period %] days and that they can only be used to test federated login to your eduGAIN-enabled Service Provider with entityID <strong>[% sp_entityid %]</strong>.</p> + <p>Note that these test accounts will automatically expire in [% conf.accounts_validity_period %] days and that they can only be used to test federated login to your eduGAIN-enabled Service Provider with entityID <strong>[% sp_entityid %]</strong>.</p> </div> <p class="align-center"><Strong>Thank you for using the [% conf.app_name %]</strong></p> - - -- GitLab
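Review bot: `[% account.password() %]` renders each test-account password in clear text into the response, and the closing paragraph tells users this page is the only place to obtain them. The template itself cannot stop a browser or intermediate proxy from keeping a copy, so the handler that renders validate_token.tt2.html should send `Cache-Control: no-store`; that code is outside this diff, so please confirm. Separately, the old `<h2>Test Accounts</h2>` line is removed with no replacement on the new side, which is a content change in a commit described as indentation only.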