-rw-r--r--renderer/renderer.go2
-rw-r--r--templates/search.tmpl2
-rw-r--r--templates/usersearch.tmpl2
3 files changed, 4 insertions, 2 deletions
diff --git a/renderer/renderer.go b/renderer/renderer.go
index 4d35ba7..a15bebf 100644
--- a/renderer/renderer.go
+++ b/renderer/renderer.go
@@ -2,6 +2,7 @@ package renderer
import (
"fmt"
+ htemplate "html/template"
"io"
"strconv"
"strings"
@@ -145,6 +146,7 @@ func NewRenderer(templateGlobPattern string) (r *renderer, err error) {
"FormatTimeRFC3339": formatTimeRFC3339,
"FormatTimeRFC822": formatTimeRFC822,
"WithContext": withContext,
+ "HTMLEscape": htemplate.HTMLEscapeString,
}).ParseGlob(templateGlobPattern)
if err != nil {
return
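Review bot: The new `HTMLEscape` entry is only correct if the templates are parsed by text/template; the `htemplate` alias suggests the bare `template` name is already bound to another package, but the package behind `New(...).Funcs(...).ParseGlob` is outside this hunk. If it is html/template, the contextual escaper already escapes `.Q` inside the `value="…"` attribute, and the pipe added in templates/search.tmpl and templates/usersearch.tmpl double-escapes (a query containing `&` is shown as `&amp;`). If it is text/template, escaping by convention at each interpolation is easy to miss on the next one; parsing with html/template and dropping the pipe would cover every `{{.}}` by context. Either way the func-map line deserves a comment such as `// HTMLEscape: manual escaping for text/template output; redundant (double-escapes) under html/template.` NewRenderer continues outside the hunk.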
diff --git a/templates/search.tmpl b/templates/search.tmpl
index 560a2c9..11c584a 100644
--- a/templates/search.tmpl
+++ b/templates/search.tmpl
@@ -5,7 +5,7 @@
<form class="search-form" action="/search" method="GET">
<span class="post-form-field>
<label for="query"> Query </label>
- <input id="query" name="q" value="{{.Q}}">
+ <input id="query" name="q" value="{{.Q | HTMLEscape}}">
</span>
<span class="post-form-field>
<label for="type"> Type </label>
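Review bot: The escaped value is emitted into markup that is already malformed: the context line `<span class="post-form-field>` two lines above the changed line (and the second span below it) is missing the closing quote, so the attribute value runs on to the next `"` in the document and the surrounding elements are not parsed as written. The escaping on the new line is right for a double-quoted attribute, but it should be paired with `<span class="post-form-field">` so the input actually sits in the intended attribute context. The same unclosed quote appears in templates/usersearch.tmpl.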
diff --git a/templates/usersearch.tmpl b/templates/usersearch.tmpl
index ca99b4c..e5f2bfc 100644
--- a/templates/usersearch.tmpl
+++ b/templates/usersearch.tmpl
@@ -5,7 +5,7 @@
<form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
<span class="post-form-field>
<label for="query"> Query </label>
- <input id="query" name="q" value="{{.Q}}">
+ <input id="query" name="q" value="{{.Q | HTMLEscape}}">
</span>
<button type="submit"> Search </button>
</form>
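Review bot: `{{.User.ID}}` in the form's `action` attribute (first context line of the hunk) is left without the escaping the change adds for `.Q` two lines later; if these templates go through text/template, that attribute is interpolated raw. Whether the ID is a server-assigned integer or user-influenced is not visible here, so either pipe it the same way, `action="/usersearch/{{.User.ID | HTMLEscape}}"`, or move the renderer to html/template, which treats URL attributes by context. Note that HTMLEscapeString only escapes HTML metacharacters, so under text/template it does not normalize path characters in a URL attribute.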