diff --git a/IPython/frontend/html/notebook/handlers.py b/IPython/frontend/html/notebook/handlers.py index 06a3b37e7..f9868054d 100644 --- a/IPython/frontend/html/notebook/handlers.py +++ b/IPython/frontend/html/notebook/handlers.py @@ -29,6 +29,7 @@ import time import uuid import os +import tornado from tornado import web from tornado import websocket @@ -225,7 +226,7 @@ class LoginHandler(AuthenticatedHandler): def _render(self, message=None): template = self.application.jinja2_env.get_template('login.html') self.write( template.render( - next=self.get_argument('next', default=self.application.ipython_app.base_project_url), + next=tornado.escape.url_escape(self.get_argument('next', default=self.application.ipython_app.base_project_url)), read_only=self.read_only, logged_in=self.logged_in, login_available=self.login_available, diff --git a/IPython/frontend/html/notebook/templates/login.html b/IPython/frontend/html/notebook/templates/login.html index 2ac7b653d..22fb50958 100644 --- a/IPython/frontend/html/notebook/templates/login.html +++ b/IPython/frontend/html/notebook/templates/login.html @@ -1,14 +1,14 @@ -{% extends page.html %} +{% extends "page.html" %} {% block stylesheet %} -{% end %} +{% endblock %} {% block login_widget %} -{% end %} +{% endblock %} {% block site %} @@ -16,27 +16,27 @@
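Review bot: `import tornado` on its own does not load the `tornado.escape` submodule, so the new `tornado.escape.url_escape(...)` call in `LoginHandler._render` resolves only because another tornado module (most likely `tornado.web`, imported just below) has already pulled it in. Importing what is actually used keeps the dependency explicit and matches the `from tornado import …` style of the neighbouring lines: `from tornado import escape`, with the call written as `escape.url_escape(...)`.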
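Review bot: `url_escape` on the `next` argument in `_render` makes the value safe to embed in the rendered page, but it does not restrict where the value points; it is read straight from the request, and an absolute URL to another host passes through unchanged. The code that consumes `next` after a successful login is outside this hunk, and if it redirects to the value as given, the login flow becomes an open redirect. I would reduce the value to a local path before rendering and again before redirecting, e.g. `if not next_url.startswith('/') or next_url.startswith(('//', '/\\')): next_url = self.application.ipython_app.base_project_url`. `_render` continues past the end of the hunk.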
{% if login_available %} -
+ Password:
- {% end %} + {% endif %} {% if message %} {% for key in message %}
{{message[key]}}
- {% end %} - {% end %} + {% endfor %} + {% endif %}
-{% end %} +{% endblock %} {% block script %} -{% end %} +{% endblock %} diff --git a/IPython/frontend/html/notebook/templates/logout.html b/IPython/frontend/html/notebook/templates/logout.html index 9ea495bb3..e074d89ff 100644 --- a/IPython/frontend/html/notebook/templates/logout.html +++ b/IPython/frontend/html/notebook/templates/logout.html @@ -1,14 +1,14 @@ -{% extends page.html %} +{% extends "page.html" %} {% block stylesheet %} -{% end %} +{% endblock %} {% block login_widget %} -{% end %} +{% endblock %} {% block site %} @@ -19,22 +19,22 @@
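Review bot: `{{message[key]}}` is now rendered by Jinja2 (the handler loads this template through `jinja2_env`), and Jinja2 does not HTML-escape expressions unless the environment is created with `autoescape=True`. The old `{% end %}` syntax suggests these were Tornado templates, which escape by default, so the move may silently drop escaping. The environment setup is not part of this diff and may already cover this; if it does not, any message text that carries request data would reach the page unescaped. Either enable autoescape on the environment or write `{{ message[key]|e }}` here; the same line appears in the `logout.html` hunk at `@@ -19,22 +19,22 @@`.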
{{message[key]}}
- {% end %} - {% end %} + {% endfor %} + {% endif %} {% if read_only or not login_available %} Proceed to the dashboard. {% else %} Proceed to the login page. - {% end %} + {% endif %}
-{% end %} +{% endblock %} {% block script %} -{% end %} +{% endblock %}