Security Advisories (5)
CVE-2010-5312 (2014-11-24)

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2021-41182 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

CVE-2021-41183 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

CVE-2021-41184 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

CVE-2016-4566 (2016-05-22)

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
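
As an added example (not part of the original page or of Yukki's own code), this Node.js script compares the version of a shipped jQuery UI or Plupload copy with the "before" versions in the advisories above and reports which advisories apply. The banner format, the function names and the sample input are assumptions made for illustration.

```javascript
// "Fixed in" versions are copied from the advisory text above.
const ADVISORIES = [
  { id: "CVE-2010-5312",  lib: "jquery-ui", fixed: "1.10.0" },
  { id: "CVE-2021-41182", lib: "jquery-ui", fixed: "1.13.0" },
  { id: "CVE-2021-41183", lib: "jquery-ui", fixed: "1.13.0" },
  { id: "CVE-2021-41184", lib: "jquery-ui", fixed: "1.13.0" },
  { id: "CVE-2016-4566",  lib: "plupload",  fixed: "2.1.9"  },
];

// Assumption: built jQuery UI files start with a banner such as
// "/*! jQuery UI - v1.9.2 - 2012-11-23". Returns null when no banner is found.
function jqueryUiVersionFromBanner(source) {
  const m = /jQuery UI - v(\d+(?:\.\d+){1,2}[\w.-]*)/.exec(source.slice(0, 2048));
  return m ? m[1] : null;
}

// Parse "1.13.0" or "1.13.0-rc.2" into numeric parts plus a pre-release flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?(-?[A-Za-z][\w.-]*)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [m[1], m[2], m[3] || "0"].map(Number), pre: Boolean(m[4]) };
}

// True when version a sorts before version b. A pre-release of the fixed
// version is treated as "before" it, which is the conservative choice.
function isBefore(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i];
  }
  return x.pre && !y.pre;
}

// Return the advisory ids from this page that apply to the given version.
function applicableAdvisories(lib, version) {
  return ADVISORIES
    .filter((a) => a.lib === lib && isBefore(version, a.fixed))
    .map((a) => a.id);
}

// Constructed sample input: the first lines of a shipped jquery-ui.js file.
const sampleBanner = "/*! jQuery UI - v1.9.2 - 2012-11-23\n* http://jqueryui.com */";
console.log(applicableAdvisories("jquery-ui", jqueryUiVersionFromBanner(sampleBanner)));
```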

NAME

Yukki::Web::View - base class for Yukki::Web views

VERSION

version 0.140290

DESCRIPTION

This is the base class for all Yukki::Web views.

ATTRIBUTES

app

This is the Yukki::Web singleton.

markdown

This is the Text::MultiMarkdown object for rendering "yukkitext". Do not use.

Provides a format_markdown method delegated to markdown. Do not use.

semantic

This is the Template::Semantic object that transforms the templates. Do not use.

METHODS

render_page

my $document = $self->render_page({
    template => 'foo.html',
    context  => $ctx,
    vars     => { ... },
});

This renders the given template and places it into the content section of the shell.html template.

The context is used to render parts of the shell template.

The vars are processed against the given template with Template::Semantic.

available_menu_items

my @items = $self->available_menu_items($ctx, 'menu_name');

Retrieves the navigation menu from the Yukki::Web::Response and purges any links that the current user does not have access to.

render_links

my $document = $self->render_links(\@navigation_links);

This renders a set of links using the links.html template.

render

my $document = $self->render({
    template => 'foo.html',
    vars     => { ... },
});

This renders the named template using Template::Semantic. The vars are used as the ones passed to the process method.

AUTHOR

Andrew Sterling Hanenkamp <hanenkamp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2014 by Qubling Software LLC.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.