12 files changed, 31 insertions, 25 deletions

diff --git a/renderer/renderer.go b/renderer/renderer.go
index 20a3c05..6e50270 100644
--- a/renderer/renderer.go
+++ b/renderer/renderer.go
@@ -1,11 +1,11 @@
 package renderer
 
 import (
+	"html/template"
 	"io"
 	"regexp"
 	"strconv"
 	"strings"
-	"text/template"
 	"time"
 
 	"bloat/mastodon"
@@ -54,10 +54,7 @@ func emojiFilter(content string, emojis []mastodon.Emoji) string {
 
 var quoteRE = regexp.MustCompile("(?mU)(^|> *|\n)(&gt;.*)(<br|$)")
 
-func statusContentFilter(spoiler, content string, emojis []mastodon.Emoji, mentions []mastodon.Mention) string {
-	if len(spoiler) > 0 {
-		content = spoiler + "<br/>" + content
-	}
+func statusContentFilter(content string, emojis []mastodon.Emoji, mentions []mastodon.Mention) string {
 	content = quoteRE.ReplaceAllString(content, `$1<span class="quote">$2</span>$3`)
 	var replacements []string
 	for _, e := range emojis {
@@ -129,6 +126,10 @@ func withContext(data interface{}, ctx *Context) TemplateData {
 	return TemplateData{data, ctx}
 }
 
+func raw(s string) template.HTML {
+	return template.HTML(s)
+}
+
 type Renderer interface {
 	Render(ctx *Context, writer io.Writer, page string, data interface{}) (err error)
 }
@@ -148,6 +149,8 @@ func NewRenderer(templateGlobPattern string) (r *renderer, err error) {
 		"FormatTimeRFC3339":       formatTimeRFC3339,
 		"FormatTimeRFC822":        formatTimeRFC822,
 		"WithContext":             withContext,
+		"HTML":                    template.HTMLEscapeString,
+		"Raw":                     raw,
 	}).ParseGlob(templateGlobPattern)
 	if err != nil {
 		return
diff --git a/service/service.go b/service/service.go
index 64c7bf0..cda42f8 100644
--- a/service/service.go
+++ b/service/service.go
@@ -711,7 +711,7 @@ func (s *service) UserSearchPage(c *client,
 	if len(results.Statuses) == 20 {
 		offset += 20
 		nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id,
-			url.QueryEscape(q), offset)
+			q, offset)
 	}
 
 	if len(q) > 0 {
@@ -770,7 +770,7 @@ func (s *service) SearchPage(c *client,
 		(qType == "statuses" && len(results.Statuses) == 20) {
 		offset += 20
 		nextLink = fmt.Sprintf("/search?q=%s&type=%s&offset=%d",
-			url.QueryEscape(q), qType, offset)
+			q, qType, offset)
 	}
 
 	if len(q) > 0 {
diff --git a/templates/header.tmpl b/templates/header.tmpl
index 8eb53f6..1abb6dd 100644
--- a/templates/header.tmpl
+++ b/templates/header.tmpl
@@ -17,7 +17,7 @@
 	{{if .RefreshInterval}}
 	<meta http-equiv="refresh" content="{{.RefreshInterval}}">
 	{{end}}
-	<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title | html}} </title>
+	<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}} </title>
 	<link rel="stylesheet" href="/static/style.css">
 	{{if .CustomCSS}}
 	<link rel="stylesheet" href="{{.CustomCSS}}">
diff --git a/templates/list.tmpl b/templates/list.tmpl
index 1b15278..dcc6ee8 100644
--- a/templates/list.tmpl
+++ b/templates/list.tmpl
@@ -33,7 +33,7 @@
 <form class="search-form" action="/list/{{.List.ID}}" method="GET">
 	<span class="post-form-field">
 		<label for="query"> Query </label>
-		<input id="query" name="q" value="{{.Q | html}}">
+		<input id="query" name="q" value="{{.Q}}">
 	</span>
 	<button type="submit"> Search </button>
 </form>
diff --git a/templates/nav.tmpl b/templates/nav.tmpl
index e7a7981..db88aa0 100644
--- a/templates/nav.tmpl
+++ b/templates/nav.tmpl
@@ -8,7 +8,7 @@
 	</div>
 	<div class="user-info-details-container">
 		<div class="user-info-details-name">
-			<bdi class="status-dname"> {{EmojiFilter (html .User.DisplayName) .User.Emojis}} </bdi>  
+			<bdi class="status-dname"> {{EmojiFilter (HTML .User.DisplayName) .User.Emojis | Raw}} </bdi>
 			<a class="nav-link" href="/user/{{.User.ID}}" accesskey="0" title="User profile (0)">
 				<span class="status-uname"> @{{.User.Acct}} </span>
 			</a>
diff --git a/templates/notification.tmpl b/templates/notification.tmpl
index a7f88a7..f62726b 100644
--- a/templates/notification.tmpl
+++ b/templates/notification.tmpl
@@ -28,7 +28,7 @@
 		</div>
 		<div class="notification-follow">
 			<div class="notification-info-text">
-				<bdi class="status-dname"> {{EmojiFilter (html .Account.DisplayName) .Account.Emojis}} </bdi>  
+				<bdi class="status-dname"> {{EmojiFilter (HTML .Account.DisplayName) .Account.Emojis | Raw}} </bdi>
 				<span class="notification-text"> followed you - 
 					<time datetime="{{FormatTimeRFC3339 .CreatedAt}}" title="{{FormatTimeRFC822 .CreatedAt}}">{{TimeSince .CreatedAt}}</time> 
 				</span>
@@ -48,7 +48,7 @@
 		</div>
 		<div class="notification-follow">
 			<div class="notification-info-text">
-				<bdi class="status-dname"> {{EmojiFilter (html .Account.DisplayName) .Account.Emojis}} </bdi>  
+				<bdi class="status-dname"> {{EmojiFilter (HTML .Account.DisplayName) .Account.Emojis | Raw}} </bdi>
 				<span class="notification-text"> wants to follow you - 
 					<time datetime="{{FormatTimeRFC3339 .CreatedAt}}" title="{{FormatTimeRFC822 .CreatedAt}}">{{TimeSince .CreatedAt}}</time> 
 				</span>
diff --git a/templates/requestlist.tmpl b/templates/requestlist.tmpl
index d9b2b0a..1a51e31 100644
--- a/templates/requestlist.tmpl
+++ b/templates/requestlist.tmpl
@@ -9,7 +9,7 @@
 		</div>
 		<div class="user-list-name">
 			<div>
-				<div class="status-dname"> {{EmojiFilter (html .DisplayName) .Emojis}} </div>  
+				<div class="status-dname"> {{EmojiFilter (HTML .DisplayName) .Emojis | Raw}} </div>
 				<a class="img-link" href="/user/{{.ID}}">
 					<div class="status-uname"> @{{.Acct}} </div>
 				</a>
diff --git a/templates/search.tmpl b/templates/search.tmpl
index 7338cad..0473d4a 100644
--- a/templates/search.tmpl
+++ b/templates/search.tmpl
@@ -5,7 +5,7 @@
 <form class="search-form" action="/search" method="GET">
 	<span class="post-form-field">
 		<label for="query"> Query </label>
-		<input id="query" name="q" value="{{.Q | html}}">
+		<input id="query" name="q" value="{{.Q}}">
 	</span>
 	<span class="post-form-field">
 		<label for="type"> Type </label>
diff --git a/templates/status.tmpl b/templates/status.tmpl
index dda1d79..fd0940f 100644
--- a/templates/status.tmpl
+++ b/templates/status.tmpl
@@ -5,7 +5,7 @@
 		<a class="img-link" href="/user/{{.Account.ID}}">
 			<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="24" />
 		</a>
-		<bdi class="status-dname"> {{EmojiFilter (html .Account.DisplayName) .Account.Emojis}} </bdi>  
+		<bdi class="status-dname"> {{EmojiFilter (HTML .Account.DisplayName) .Account.Emojis | Raw}} </bdi>
 		<a href="/user/{{.Account.ID}}"> 
 			<span class="status-uname"> @{{.Account.Acct}} </span> 
 		</a>
@@ -23,7 +23,7 @@
 		</div>
 		<div class="status"> 
 			<div class="status-name">
-				<bdi class="status-dname"> {{EmojiFilter (html .Account.DisplayName) .Account.Emojis}} </bdi> 
+				<bdi class="status-dname"> {{EmojiFilter (HTML .Account.DisplayName) .Account.Emojis | Raw}} </bdi>
 				<a href="/user/{{.Account.ID}}">
 					<span class="status-uname"> @{{.Account.Acct}} </span>
 				</a>
@@ -91,7 +91,10 @@
 				{{end}}
 			</div>
 			{{if (or .Content .SpoilerText)}}
-			<div class="status-content"> {{StatusContentFilter (html .SpoilerText) .Content .Emojis .Mentions}} </div>
+			<div class="status-content">
+				{{if .SpoilerText}}{{EmojiFilter (HTML .SpoilerText) .Emojis | Raw}}<br/>{{end}}
+				{{StatusContentFilter .Content .Emojis .Mentions | Raw}}
+			</div>
 			{{end}}
 			{{if .MediaAttachments}}
 			<div class="status-media-container">
@@ -156,12 +159,12 @@
 				{{range $i, $o := .Poll.Options}}
 				<div class="poll-option">
 					{{if (or $s.Poll.Expired $s.Poll.Voted)}}
-					<div> {{EmojiFilter (html $o.Title) $s.Emojis}} - {{$o.VotesCount}} votes </div>
+					<div> {{EmojiFilter (HTML $o.Title) $s.Emojis | Raw}} - {{$o.VotesCount}} votes </div>
 					{{else}}
 					<input type="{{if $s.Poll.Multiple}}checkbox{{else}}radio{{end}}" name="choices" 
 						id="poll-{{$s.ID}}-{{$i}}" value="{{$i}}">
 					<label for="poll-{{$s.ID}}-{{$i}}"> 
-						{{EmojiFilter (html $o.Title) $s.Emojis}} 
+						{{EmojiFilter (HTML $o.Title) $s.Emojis | Raw}}
 					</label>
 					{{end}}
 				</div>
diff --git a/templates/user.tmpl b/templates/user.tmpl
index 2532a91..fd838b9 100644
--- a/templates/user.tmpl
+++ b/templates/user.tmpl
@@ -11,7 +11,7 @@
 	</div>
 	<div class="user-profile-details-container">
 		<div>
-			<bdi class="status-dname"> {{EmojiFilter (html .User.DisplayName) .User.Emojis}} </bdi>  
+			<bdi class="status-dname"> {{EmojiFilter (HTML .User.DisplayName) .User.Emojis | Raw}} </bdi>
 			<span class="status-uname"> @{{.User.Acct}} </span>
 			<a class="remote-link" href="{{.User.URL}}" target="_blank" title="remote profile">
 				source
@@ -129,10 +129,10 @@
 		</div>
 	</div>
 	<div class="user-profile-decription">
-	{{EmojiFilter .User.Note .User.Emojis}}
+	{{EmojiFilter .User.Note .User.Emojis | Raw}}
 	</div>
 	{{if .User.Fields}}{{range .User.Fields}}
-	<div>{{.Name}} - {{.Value}}</div>
+	<div>{{.Name}} - {{.Value | Raw}}</div>
 	{{end}}{{end}}
 </div>
 </div>
diff --git a/templates/userlistitem.tmpl b/templates/userlistitem.tmpl
index 51261c8..50b9d0c 100644
--- a/templates/userlistitem.tmpl
+++ b/templates/userlistitem.tmpl
@@ -6,7 +6,7 @@
 		</a>
 	</div>
 	<div class="user-list-name">
-		<div class="status-dname"> {{EmojiFilter (html .DisplayName) .Emojis}} </div>  
+		<div class="status-dname"> {{EmojiFilter (HTML .DisplayName) .Emojis | Raw}} </div>
 		<a class="img-link" href="/user/{{.ID}}">
 			<div class="status-uname"> @{{.Acct}} </div>
 		</a>
diff --git a/templates/usersearch.tmpl b/templates/usersearch.tmpl
index e95129c..52001c9 100644
--- a/templates/usersearch.tmpl
+++ b/templates/usersearch.tmpl
@@ -1,11 +1,11 @@
 {{with .Data}}
 {{template "header.tmpl" (WithContext .CommonData $.Ctx)}}
-<div class="page-title"> Search {{EmojiFilter (html .User.DisplayName) .User.Emojis}}'s statuses </div>
+<div class="page-title"> Search {{EmojiFilter (HTML .User.DisplayName) .User.Emojis | Raw}}'s statuses </div>
 
 <form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
 	<span class="post-form-field>
 		<label for="query"> Query </label>
-		<input id="query" name="q" value="{{.Q | html}}">
+		<input id="query" name="q" value="{{.Q}}">
 	</span>
 	<button type="submit"> Search </button>
 </form>