authorr <r@freesoftwareextremist.com>2021-04-23 10:19:09 +0000
committerr <r@freesoftwareextremist.com>2021-04-23 10:19:09 +0000
commit469f2d1d25f0b266abb15eab410131ebe1856aad (patch)
tree9d43be7fd30af12d186e5a54adf2ee9228f3243b /templates
parentbd74cb50e7e7be61f88687bc2d5f7ac63b45ea70 (diff)
Fix HTML escaping
Diffstat (limited to 'templates')
-rw-r--r--templates/header.tmpl2
-rw-r--r--templates/search.tmpl2
-rw-r--r--templates/status.tmpl6
-rw-r--r--templates/usersearch.tmpl2
4 files changed, 6 insertions, 6 deletions
diff --git a/templates/header.tmpl b/templates/header.tmpl
index 1abb6dd..8eb53f6 100644
--- a/templates/header.tmpl
+++ b/templates/header.tmpl
@@ -17,7 +17,7 @@
{{if .RefreshInterval}}
<meta http-equiv="refresh" content="{{.RefreshInterval}}">
{{end}}
- <title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}} </title>
+ <title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title | html}} </title>
<link rel="stylesheet" href="/static/style.css">
{{if .CustomCSS}}
<link rel="stylesheet" href="{{.CustomCSS}}">
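Review bot: `{{.CustomCSS}}` in the `href` two lines below the fixed `<title>` is still emitted unescaped, and so is `{{.RefreshInterval}}` in the `content` attribute above it. If these templates are rendered with text/template (the need for a manual `| html` suggests so) and CustomCSS is a user-controlled setting, a value containing `"` would close the attribute; `<link rel="stylesheet" href="{{.CustomCSS | html}}">` covers that case. Escaping does not constrain the URL scheme or host, so that check would belong where the setting is stored. Per-field escaping is easy to miss, as this hunk shows; html/template would apply it contextually. The `{{if .CustomCSS}}` block continues past the end of the hunk.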
diff --git a/templates/search.tmpl b/templates/search.tmpl
index 0473d4a..7338cad 100644
--- a/templates/search.tmpl
+++ b/templates/search.tmpl
@@ -5,7 +5,7 @@
<form class="search-form" action="/search" method="GET">
<span class="post-form-field">
<label for="query"> Query </label>
- <input id="query" name="q" value="{{.Q}}">
+ <input id="query" name="q" value="{{.Q | html}}">
</span>
<span class="post-form-field">
<label for="type"> Type </label>
diff --git a/templates/status.tmpl b/templates/status.tmpl
index d6bfedf..7dcc0b6 100644
--- a/templates/status.tmpl
+++ b/templates/status.tmpl
@@ -88,7 +88,7 @@
{{end}}
</div>
{{if .Content}}
- <div class="status-content"> {{StatusContentFilter .SpoilerText .Content .Emojis .Mentions}} </div>
+ <div class="status-content"> {{StatusContentFilter (html .SpoilerText) .Content .Emojis .Mentions}} </div>
{{end}}
{{if .MediaAttachments}}
<div class="status-media-container">
@@ -153,12 +153,12 @@
{{range $i, $o := .Poll.Options}}
<div class="poll-option">
{{if (or $s.Poll.Expired $s.Poll.Voted)}}
- <div> {{EmojiFilter $o.Title $s.Emojis}} - {{$o.VotesCount}} votes </div>
+ <div> {{EmojiFilter $o.Title $s.Emojis | html}} - {{$o.VotesCount}} votes </div>
{{else}}
<input type="{{if $s.Poll.Multiple}}checkbox{{else}}radio{{end}}" name="choices"
id="poll-{{$s.ID}}-{{$i}}" value="{{$i}}">
<label for="poll-{{$s.ID}}-{{$i}}">
- {{EmojiFilter $o.Title $s.Emojis}}
+ {{EmojiFilter $o.Title $s.Emojis | html}}
</label>
{{end}}
</div>
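Review bot: In both poll-option lines the pipe applies `html` to the return value of `EmojiFilter`, not to `$o.Title`, because a pipeline hands the previous command's result to the next command as its last argument. If EmojiFilter replaces shortcodes with `<img>` markup, as its name and the `$s.Emojis` argument suggest, that markup will now be displayed as literal text instead of being rendered. The first hunk of this file escapes the input before filtering, and the same form here would be `{{EmojiFilter (html $o.Title) $s.Emojis}}`. That keeps the title escaped and leaves the filter's own output intact, provided the filter does not unescape or reinterpret its input, which is not visible from this diff.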
diff --git a/templates/usersearch.tmpl b/templates/usersearch.tmpl
index 3f42f28..ee84143 100644
--- a/templates/usersearch.tmpl
+++ b/templates/usersearch.tmpl
@@ -5,7 +5,7 @@
<form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
<span class="post-form-field>
<label for="query"> Query </label>
- <input id="query" name="q" value="{{.Q}}">
+ <input id="query" name="q" value="{{.Q | html}}">
</span>
<button type="submit"> Search </button>
</form>
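Review bot: The context line `<span class="post-form-field>` is missing the closing quote on `class`, so the attribute value runs on to the next `"` and swallows the `<label>` start tag. The added `| html` on `.Q` is only sufficient inside a well-formed double-quoted attribute, and broken quoting nearby makes that harder to verify by reading; the line should be `<span class="post-form-field">`, as in search.tmpl. `{{.User.ID}}` in the form `action` is also emitted unescaped; it is presumably a server-issued identifier, but that should be confirmed or the value escaped as well.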