-rw-r--r-- | renderer/renderer.go | 2 | ||||
-rw-r--r-- | service/service.go | 15 | ||||
-rw-r--r-- | templates/search.tmpl | 2 | ||||
-rw-r--r-- | templates/usersearch.tmpl | 2 |
4 files changed, 11 insertions, 10 deletions
diff --git a/renderer/renderer.go b/renderer/renderer.go
index a5619c2..f90e8dc 100644
--- a/renderer/renderer.go
+++ b/renderer/renderer.go
@@ -2,7 +2,6 @@ package renderer
 import (
 "fmt"
- htemplate "html/template"
 "io"
 "strconv"
 "strings"
@@ -146,7 +145,6 @@ func NewRenderer(templateGlobPattern string) (r *renderer, err error) {
 "FormatTimeRFC3339": formatTimeRFC3339,
 "FormatTimeRFC822": formatTimeRFC822,
 "WithContext": withContext,
- "HTMLEscape": htemplate.HTMLEscapeString,
 }).ParseGlob(templateGlobPattern)
 if err != nil {
 return
diff --git a/service/service.go b/service/service.go
index c04557e..8db94f8 100644
--- a/service/service.go
+++ b/service/service.go
@@ -5,6 +5,7 @@ import (
 "errors"
 "fmt"
 "mime/multipart"
+ "html/template"
 "net/url"
 "strings"
@@ -589,18 +590,19 @@ func (svc *service) ServeUserSearchPage(c *model.Client,
 if len(results.Statuses) == 20 {
 offset += 20
- nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id, q, offset)
+ nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id, url.QueryEscape(q), offset)
 }
+ qq := template.HTMLEscapeString(q)
 if len(q) > 0 {
- title += " \"" + q + "\""
+ title += " \"" + qq + "\""
 }
 commonData := svc.getCommonData(c, title)
 data := &renderer.UserSearchData{
 CommonData: commonData,
 User: user,
- Q: q,
+ Q: qq,
 Statuses: results.Statuses,
 NextLink: nextLink,
 }
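Review bot: Dropping `"HTMLEscape"` from the FuncMap in NewRenderer leaves the templates with no escaping helper, so every handler that fills a field printed inside markup now has to escape it itself. The `htemplate` alias on the removed import suggests the renderer parses with `text/template`, which does no contextual escaping (inferred; the remaining import lines are outside the hunk), and if so any field a handler forgets to escape is printed raw. Keeping the helper registered and escaping at the point of output is the safer default. Any other template matched by `templateGlobPattern` that still pipes through `HTMLEscape` would also make `ParseGlob` return an error. NewRenderer's body starts and ends outside the hunk.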
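Review bot: In ServeUserSearchPage the `nextLink` format still interpolates `id` into the path unescaped while `q` now goes through `url.QueryEscape`; where `id` comes from is not visible in the hunk, but if it is taken from the request it should be written as `url.PathEscape(id)`. The handler also now holds two encodings of the same value, raw `q` for the link and HTML-escaped `qq` for `title` and `Q`, and nothing records that `UserSearchData.Q` is expected to arrive pre-escaped. A comment above the `qq :=` line such as `// qq is q escaped for HTML output; the search templates print .Q without further escaping` would document that contract. The ServeSearchPage hunk has the same `qq` pattern and wants the same comment; its `qType` only reaches the link after the branch condition has matched it against "accounts" or "statuses". Both function bodies start and end outside their hunks.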
@@ -649,17 +651,18 @@ func (svc *service) ServeSearchPage(c *model.Client,
 if (qType == "accounts" && len(results.Accounts) == 20) || (qType == "statuses" && len(results.Statuses) == 20) {
 offset += 20
- nextLink = fmt.Sprintf("/search?q=%s&type=%s&offset=%d", q, qType, offset)
+ nextLink = fmt.Sprintf("/search?q=%s&type=%s&offset=%d", url.QueryEscape(q), qType, offset)
 }
+ qq := template.HTMLEscapeString(q)
 if len(q) > 0 {
- title += " \"" + q + "\""
+ title += " \"" + qq + "\""
 }
 commonData := svc.getCommonData(c, title)
 data := &renderer.SearchData{
 CommonData: commonData,
- Q: q,
+ Q: qq,
 Type: qType,
 Users: results.Accounts,
 Statuses: results.Statuses,
diff --git a/templates/search.tmpl b/templates/search.tmpl
index 7273598..0473d4a 100644
--- a/templates/search.tmpl
+++ b/templates/search.tmpl
@@ -5,7 +5,7 @@
 <form class="search-form" action="/search" method="GET">
 <span class="post-form-field">
 <label for="query"> Query </label>
- <input id="query" name="q" value="{{.Q | HTMLEscape}}">
+ <input id="query" name="q" value="{{.Q}}">
 </span>
 <span class="post-form-field">
 <label for="type"> Type </label>
diff --git a/templates/usersearch.tmpl b/templates/usersearch.tmpl
index e4989bb..3f42f28 100644
--- a/templates/usersearch.tmpl
+++ b/templates/usersearch.tmpl
@@ -5,7 +5,7 @@
 <form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
 <span class="post-form-field>
 <label for="query"> Query </label>
- <input id="query" name="q" value="{{.Q | HTMLEscape}}">
+ <input id="query" name="q" value="{{.Q}}">
 </span>
 <button type="submit"> Search </button>
 </form> |
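Review bot: `value="{{.Q}}"` in search.tmpl now relies entirely on the handler having HTML-escaped `Q`, and nothing in the template says so; the same applies to the `value="{{.Q}}"` line in usersearch.tmpl. A template comment beside the input, for example `{{/* .Q is HTML-escaped by the handler; never pass the raw query here */}}`, would stop a later caller from filling `Q` with unescaped input. If the renderer is ever moved to `html/template`, the pre-escaped value would instead be escaped a second time and show up as literal entities in the field.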
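Review bot: The context line `<span class="post-form-field>` in usersearch.tmpl is missing the closing quote on its `class` attribute, so the parser reads the attribute value up to the next `"` and the markup just before the query input is parsed differently from search.tmpl. It predates this commit, but since the commit edits the adjacent input this is a good place to correct it to `<span class="post-form-field">`.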