Fix HTML escaping
This commit is contained in:
r
parent
bd74cb50e7
commit
469f2d1d25
@ -3,7 +3,6 @@ package service
|
|||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"html/template"
|
|
||||||
"mime/multipart"
|
"mime/multipart"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
@ -560,16 +559,15 @@ func (s *service) UserSearchPage(c *client,
|
|||||||
url.QueryEscape(q), offset)
|
url.QueryEscape(q), offset)
|
||||||
}
|
}
|
||||||
|
|
||||||
qq := template.HTMLEscapeString(q)
|
|
||||||
if len(q) > 0 {
|
if len(q) > 0 {
|
||||||
title += " \"" + qq + "\""
|
title += " \"" + q + "\""
|
||||||
}
|
}
|
||||||
|
|
||||||
cdata := s.cdata(c, title, 0, 0, "")
|
cdata := s.cdata(c, title, 0, 0, "")
|
||||||
data := &renderer.UserSearchData{
|
data := &renderer.UserSearchData{
|
||||||
CommonData: cdata,
|
CommonData: cdata,
|
||||||
User: user,
|
User: user,
|
||||||
Q: qq,
|
Q: q,
|
||||||
Statuses: results.Statuses,
|
Statuses: results.Statuses,
|
||||||
NextLink: nextLink,
|
NextLink: nextLink,
|
||||||
}
|
}
|
||||||
@ -620,15 +618,14 @@ func (s *service) SearchPage(c *client,
|
|||||||
url.QueryEscape(q), qType, offset)
|
url.QueryEscape(q), qType, offset)
|
||||||
}
|
}
|
||||||
|
|
||||||
qq := template.HTMLEscapeString(q)
|
|
||||||
if len(q) > 0 {
|
if len(q) > 0 {
|
||||||
title += " \"" + qq + "\""
|
title += " \"" + q + "\""
|
||||||
}
|
}
|
||||||
|
|
||||||
cdata := s.cdata(c, title, 0, 0, "")
|
cdata := s.cdata(c, title, 0, 0, "")
|
||||||
data := &renderer.SearchData{
|
data := &renderer.SearchData{
|
||||||
CommonData: cdata,
|
CommonData: cdata,
|
||||||
Q: qq,
|
Q: q,
|
||||||
Type: qType,
|
Type: qType,
|
||||||
Users: results.Accounts,
|
Users: results.Accounts,
|
||||||
Statuses: results.Statuses,
|
Statuses: results.Statuses,
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
{{if .RefreshInterval}}
|
{{if .RefreshInterval}}
|
||||||
<meta http-equiv="refresh" content="{{.RefreshInterval}}">
|
<meta http-equiv="refresh" content="{{.RefreshInterval}}">
|
||||||
{{end}}
|
{{end}}
|
||||||
<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}} </title>
|
<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title | html}} </title>
|
||||||
<link rel="stylesheet" href="/static/style.css">
|
<link rel="stylesheet" href="/static/style.css">
|
||||||
{{if .CustomCSS}}
|
{{if .CustomCSS}}
|
||||||
<link rel="stylesheet" href="{{.CustomCSS}}">
|
<link rel="stylesheet" href="{{.CustomCSS}}">
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
<form class="search-form" action="/search" method="GET">
|
<form class="search-form" action="/search" method="GET">
|
||||||
<span class="post-form-field">
|
<span class="post-form-field">
|
||||||
<label for="query"> Query </label>
|
<label for="query"> Query </label>
|
||||||
<input id="query" name="q" value="{{.Q}}">
|
<input id="query" name="q" value="{{.Q | html}}">
|
||||||
</span>
|
</span>
|
||||||
<span class="post-form-field">
|
<span class="post-form-field">
|
||||||
<label for="type"> Type </label>
|
<label for="type"> Type </label>
|
||||||
|
|||||||
@ -88,7 +88,7 @@
|
|||||||
{{end}}
|
{{end}}
|
||||||
</div>
|
</div>
|
||||||
{{if .Content}}
|
{{if .Content}}
|
||||||
<div class="status-content"> {{StatusContentFilter .SpoilerText .Content .Emojis .Mentions}} </div>
|
<div class="status-content"> {{StatusContentFilter (html .SpoilerText) .Content .Emojis .Mentions}} </div>
|
||||||
{{end}}
|
{{end}}
|
||||||
{{if .MediaAttachments}}
|
{{if .MediaAttachments}}
|
||||||
<div class="status-media-container">
|
<div class="status-media-container">
|
||||||
@ -153,12 +153,12 @@
|
|||||||
{{range $i, $o := .Poll.Options}}
|
{{range $i, $o := .Poll.Options}}
|
||||||
<div class="poll-option">
|
<div class="poll-option">
|
||||||
{{if (or $s.Poll.Expired $s.Poll.Voted)}}
|
{{if (or $s.Poll.Expired $s.Poll.Voted)}}
|
||||||
<div> {{EmojiFilter $o.Title $s.Emojis}} - {{$o.VotesCount}} votes </div>
|
<div> {{EmojiFilter $o.Title $s.Emojis | html}} - {{$o.VotesCount}} votes </div>
|
||||||
{{else}}
|
{{else}}
|
||||||
<input type="{{if $s.Poll.Multiple}}checkbox{{else}}radio{{end}}" name="choices"
|
<input type="{{if $s.Poll.Multiple}}checkbox{{else}}radio{{end}}" name="choices"
|
||||||
id="poll-{{$s.ID}}-{{$i}}" value="{{$i}}">
|
id="poll-{{$s.ID}}-{{$i}}" value="{{$i}}">
|
||||||
<label for="poll-{{$s.ID}}-{{$i}}">
|
<label for="poll-{{$s.ID}}-{{$i}}">
|
||||||
{{EmojiFilter $o.Title $s.Emojis}}
|
{{EmojiFilter $o.Title $s.Emojis | html}}
|
||||||
</label>
|
</label>
|
||||||
{{end}}
|
{{end}}
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
<form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
|
<form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
|
||||||
<span class="post-form-field>
|
<span class="post-form-field>
|
||||||
<label for="query"> Query </label>
|
<label for="query"> Query </label>
|
||||||
<input id="query" name="q" value="{{.Q}}">
|
<input id="query" name="q" value="{{.Q | html}}">
|
||||||
</span>
|
</span>
|
||||||
<button type="submit"> Search </button>
|
<button type="submit"> Search </button>
|
||||||
</form>
|
</form>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user