Make microdata XSS-safe and subevent-aware

2026-05-06 15:24:02 +00:00 · 2017-07-16 17:52:08 +02:00
parent 9c6090a355
commit 8afff29cd4
4 changed files with 35 additions and 27 deletions
--- a/src/pretix/presale/templates/pretixpresale/base.html
+++ b/src/pretix/presale/templates/pretixpresale/base.html
@@ -30,13 +30,6 @@
        <script type="text/javascript" src="{% static "pretixpresale/js/ui/typocheck.js" %}"></script>
        <script type="text/javascript" src="{% static "lightbox/js/lightbox.min.js" %}"></script>
    {% endcompress %}
-    {% if event %}
-        {% autoescape off %}
-        <script type="application/ld+json">
-            {{ event.event_microdata }}
-        </script>
-        {% endautoescape %}
-    {% endif %}
    <meta name="referrer" content="origin">
    {{ html_head|safe }}
    <meta name="viewport" content="width=device-width, initial-scale=1">
--- a/src/pretix/presale/templates/pretixpresale/event/index.html
+++ b/src/pretix/presale/templates/pretixpresale/event/index.html
@@ -8,6 +8,12 @@
 {% block title %}{% trans "Presale" %}{% endblock %}

 {% block content %}
+
+    {% autoescape off %}
+        <script type="application/ld+json">
+            {{ ev.event_microdata }}
+        </script>
+    {% endautoescape %}
    {% if show_cart %}
        <div class="panel panel-primary cart">
            <div class="panel-heading">