commit 0bf148dba139a1fc8ed07cd1a8376e9a0fc89889
Author: Paladox <thomasmulhall410@yahoo.com>
Date:   Wed Sep 6 22:31:46 2017 +0100

    Gerrit: Convert its base templates to soy (closure template)
    
    This fixes a security issue described in T140366
    
    This change can be merged once we upgrade to 2.14.
    
    and deploy change
    https://gerrit-review.googlesource.com/#/c/plugins/its-base/+/108215/
    
    Bug: T140366
    Change-Id: I2d34a1fefcbef0b730368e5457da7191cef39a92

diff --git a/modules/gerrit/files/etc/its/actions.config b/modules/gerrit/files/etc/its/actions.config
index c9ad7b1f24..006d3247ac 100644
--- a/modules/gerrit/files/etc/its/actions.config
+++ b/modules/gerrit/files/etc/its/actions.config
@@ -10,18 +10,18 @@
 	status = !,DRAFT
 	is-draft = !,true
 	association = subject,footer-Bug,footer-bug
-	action = add-velocity-comment PatchSetMerged
+	action = add-soy-comment PatchSetMerged
 
 [rule "patchSetCreated"]
 	event-type = patchset-created
 	status = !,DRAFT
 	is-draft = !,true
 	association = added@subject,added@footer-Bug,added@footer-bug
-	action = add-velocity-comment PatchSetCreated
+	action = add-soy-comment PatchSetCreated
 	action = add-project Patch-For-Review
 
 [rule "changeDraftPublished"]
 	event-type = draft-published
 	association = added@subject,added@footer-Bug,added@footer-bug
-	action = add-velocity-comment DraftPublished
+	action = add-soy-comment DraftPublished
 	action = add-project Patch-For-Review
diff --git a/modules/gerrit/files/etc/its/templates/DraftPublished.soy b/modules/gerrit/files/etc/its/templates/DraftPublished.soy
new file mode 100644
index 0000000000..7b6c60b0d1
--- /dev/null
+++ b/modules/gerrit/files/etc/its/templates/DraftPublished.soy
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+{namespace etc.its.templates}
+
+/**
+ * The .DraftPublished template
+ * @param branch
+ * @param project
+ * @param subject
+ * @param changeNumber
+ * @param authorName
+ * @param formatChangeUrl
+ *
+ */
+{template .DraftPublished autoescape="strict" kind="text"}
+  Change {$changeNumber} had a related patch set (by {$authorName}) published:{\n}
+  [{$project}@{$branch}] {$subject|escapeUri}{\n}{\n}
+
+  {$formatChangeUrl}
+{/template}
diff --git a/modules/gerrit/files/etc/its/templates/PatchSetCreated.soy b/modules/gerrit/files/etc/its/templates/PatchSetCreated.soy
new file mode 100644
index 0000000000..4170244b76
--- /dev/null
+++ b/modules/gerrit/files/etc/its/templates/PatchSetCreated.soy
@@ -0,0 +1,35 @@
+/**
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+{namespace etc.its.templates}
+
+/**
+ * The .PatchSetCreated template
+ * @param branch
+ * @param project
+ * @param subject
+ * @param changeNumber
+ * @param uploaderName
+ * @param authorName
+ * @param formatChangeUrl
+ *
+ */
+{template .PatchSetCreated autoescape="strict" kind="text"}
+  Change {$changeNumber} had a related patch set uploaded (by {$uploaderName}; owner: {$authorName}):{\n}
+  [{$project}@{$branch}] {$subject|escapeUri}{\n}{\n}
+
+  ${formatChangeUrl}
+{/template}
diff --git a/modules/gerrit/files/etc/its/templates/PatchSetMerged.soy b/modules/gerrit/files/etc/its/templates/PatchSetMerged.soy
new file mode 100644
index 0000000000..0dc04dd6f8
--- /dev/null
+++ b/modules/gerrit/files/etc/its/templates/PatchSetMerged.soy
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+{namespace etc.its.templates}
+
+/**
+ * The .PatchSetMerged template
+ * @param branch
+ * @param project
+ * @param subject
+ * @param changeNumber
+ * @param submitterName
+ * @param formatChangeUrl
+ *
+ */
+{template .PatchSetMerged autoescape="strict" kind="text"}
+  Change {$changeNumber} merged by {$submitterName}:
+  [{$project}@{$branch}] {$subject|escapeUri}
+
+  ${formatChangeUrl}
+{/template}