aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorr <r@freesoftwareextremist.com>2021-04-23 10:19:09 +0000
committerr <r@freesoftwareextremist.com>2021-04-23 10:19:09 +0000
commit469f2d1d25f0b266abb15eab410131ebe1856aad (patch)
tree9d43be7fd30af12d186e5a54adf2ee9228f3243b
parentbd74cb50e7e7be61f88687bc2d5f7ac63b45ea70 (diff)
downloadbloat-469f2d1d25f0b266abb15eab410131ebe1856aad.tar.gz
bloat-469f2d1d25f0b266abb15eab410131ebe1856aad.zip
Fix HTML escaping
-rw-r--r--service/service.go11
-rw-r--r--templates/header.tmpl2
-rw-r--r--templates/search.tmpl2
-rw-r--r--templates/status.tmpl6
-rw-r--r--templates/usersearch.tmpl2
5 files changed, 10 insertions, 13 deletions
diff --git a/service/service.go b/service/service.go
index 5d80c28..d548342 100644
--- a/service/service.go
+++ b/service/service.go
@@ -3,7 +3,6 @@ package service
import (
"errors"
"fmt"
- "html/template"
"mime/multipart"
"net/url"
"strings"
@@ -560,16 +559,15 @@ func (s *service) UserSearchPage(c *client,
url.QueryEscape(q), offset)
}
- qq := template.HTMLEscapeString(q)
if len(q) > 0 {
- title += " \"" + qq + "\""
+ title += " \"" + q + "\""
}
cdata := s.cdata(c, title, 0, 0, "")
data := &renderer.UserSearchData{
CommonData: cdata,
User: user,
- Q: qq,
+ Q: q,
Statuses: results.Statuses,
NextLink: nextLink,
}
@@ -620,15 +618,14 @@ func (s *service) SearchPage(c *client,
url.QueryEscape(q), qType, offset)
}
- qq := template.HTMLEscapeString(q)
if len(q) > 0 {
- title += " \"" + qq + "\""
+ title += " \"" + q + "\""
}
cdata := s.cdata(c, title, 0, 0, "")
data := &renderer.SearchData{
CommonData: cdata,
- Q: qq,
+ Q: q,
Type: qType,
Users: results.Accounts,
Statuses: results.Statuses,
diff --git a/templates/header.tmpl b/templates/header.tmpl
index 1abb6dd..8eb53f6 100644
--- a/templates/header.tmpl
+++ b/templates/header.tmpl
@@ -17,7 +17,7 @@
{{if .RefreshInterval}}
<meta http-equiv="refresh" content="{{.RefreshInterval}}">
{{end}}
- <title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}} </title>
+ <title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title | html}} </title>
<link rel="stylesheet" href="/static/style.css">
{{if .CustomCSS}}
<link rel="stylesheet" href="{{.CustomCSS}}">
diff --git a/templates/search.tmpl b/templates/search.tmpl
index 0473d4a..7338cad 100644
--- a/templates/search.tmpl
+++ b/templates/search.tmpl
@@ -5,7 +5,7 @@
<form class="search-form" action="/search" method="GET">
<span class="post-form-field">
<label for="query"> Query </label>
- <input id="query" name="q" value="{{.Q}}">
+ <input id="query" name="q" value="{{.Q | html}}">
</span>
<span class="post-form-field">
<label for="type"> Type </label>
diff --git a/templates/status.tmpl b/templates/status.tmpl
index d6bfedf..7dcc0b6 100644
--- a/templates/status.tmpl
+++ b/templates/status.tmpl
@@ -88,7 +88,7 @@
{{end}}
</div>
{{if .Content}}
- <div class="status-content"> {{StatusContentFilter .SpoilerText .Content .Emojis .Mentions}} </div>
+ <div class="status-content"> {{StatusContentFilter (html .SpoilerText) .Content .Emojis .Mentions}} </div>
{{end}}
{{if .MediaAttachments}}
<div class="status-media-container">
@@ -153,12 +153,12 @@
{{range $i, $o := .Poll.Options}}
<div class="poll-option">
{{if (or $s.Poll.Expired $s.Poll.Voted)}}
- <div> {{EmojiFilter $o.Title $s.Emojis}} - {{$o.VotesCount}} votes </div>
+ <div> {{EmojiFilter $o.Title $s.Emojis | html}} - {{$o.VotesCount}} votes </div>
{{else}}
<input type="{{if $s.Poll.Multiple}}checkbox{{else}}radio{{end}}" name="choices"
id="poll-{{$s.ID}}-{{$i}}" value="{{$i}}">
<label for="poll-{{$s.ID}}-{{$i}}">
- {{EmojiFilter $o.Title $s.Emojis}}
+ {{EmojiFilter $o.Title $s.Emojis | html}}
</label>
{{end}}
</div>
diff --git a/templates/usersearch.tmpl b/templates/usersearch.tmpl
index 3f42f28..ee84143 100644
--- a/templates/usersearch.tmpl
+++ b/templates/usersearch.tmpl
@@ -5,7 +5,7 @@
<form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
<span class="post-form-field>
<label for="query"> Query </label>
- <input id="query" name="q" value="{{.Q}}">
+ <input id="query" name="q" value="{{.Q | html}}">
</span>
<button type="submit"> Search </button>
</form>