diff options
| author | Feuerfuchs <git@feuerfuchs.dev> | 2019-06-17 15:27:14 +0200 |
|---|---|---|
| committer | Feuerfuchs <git@feuerfuchs.dev> | 2019-06-17 15:27:14 +0200 |
| commit | d768bc93bcd0087925bcdc878456bf0016a84fc8 (patch) | |
| tree | 5f2d4ca249e8f5668c849dab0151a621a7b6c54c /gopherproxy.go | |
| parent | Fix indent bug (diff) | |
| download | gopherproxy-d768bc93bcd0087925bcdc878456bf0016a84fc8.tar.gz gopherproxy-d768bc93bcd0087925bcdc878456bf0016a84fc8.tar.bz2 gopherproxy-d768bc93bcd0087925bcdc878456bf0016a84fc8.zip | |
Fix for unescaped HTML
Diffstat (limited to 'gopherproxy.go')
| -rw-r--r-- | gopherproxy.go | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/gopherproxy.go b/gopherproxy.go index f034cb9..74f33bb 100644 --- a/gopherproxy.go +++ b/gopherproxy.go | |||
| @@ -3,6 +3,7 @@ package gopherproxy | |||
| 3 | import ( | 3 | import ( |
| 4 | "bytes" | 4 | "bytes" |
| 5 | "fmt" | 5 | "fmt" |
| 6 | "html" | ||
| 6 | "html/template" | 7 | "html/template" |
| 7 | "io" | 8 | "io" |
| 8 | "io/ioutil" | 9 | "io/ioutil" |
| @@ -74,9 +75,9 @@ func renderDirectory(w http.ResponseWriter, tpl *template.Template, styletext st | |||
| 74 | } | 75 | } |
| 75 | 76 | ||
| 76 | return tpl.Execute(w, struct { | 77 | return tpl.Execute(w, struct { |
| 77 | Title string | 78 | Title string |
| 78 | Style string | 79 | Style string |
| 79 | Lines []Item | 80 | Lines []Item |
| 80 | RawText string | 81 | RawText string |
| 81 | }{title, styletext, out, ""}) | 82 | }{title, styletext, out, ""}) |
| 82 | } | 83 | } |
| @@ -140,7 +141,7 @@ func GopherHandler(tpl *template.Template, robotsdata *robotstxt.RobotsData, sty | |||
| 140 | RawText string | 141 | RawText string |
| 141 | Lines []Item | 142 | Lines []Item |
| 142 | }{uri, styletext, buf.String(), nil}) | 143 | }{uri, styletext, buf.String(), nil}) |
| 143 | } else { | 144 | } else { |
| 144 | io.Copy(w, res.Body) | 145 | io.Copy(w, res.Body) |
| 145 | } | 146 | } |
| 146 | } else { | 147 | } else { |
| @@ -248,13 +249,16 @@ func ListenAndServe(bind, robotsfile, uri string) error { | |||
| 248 | } | 249 | } |
| 249 | 250 | ||
| 250 | funcMap := template.FuncMap{ | 251 | funcMap := template.FuncMap{ |
| 251 | "safeHtml": func(s string) template.HTML { | 252 | "safeHtml": func(s string) template.HTML { |
| 252 | return template.HTML(s) | 253 | return template.HTML(s) |
| 253 | }, | 254 | }, |
| 254 | "safeCss": func(s string) template.CSS { | 255 | "safeCss": func(s string) template.CSS { |
| 255 | return template.CSS(s) | 256 | return template.CSS(s) |
| 256 | }, | 257 | }, |
| 257 | } | 258 | "HTMLEscape": func(s string) string { |
| 259 | return html.EscapeString(s) | ||
| 260 | }, | ||
| 261 | } | ||
| 258 | 262 | ||
| 259 | tpl, err = template.New("gophermenu").Funcs(funcMap).Parse(tpltext) | 263 | tpl, err = template.New("gophermenu").Funcs(funcMap).Parse(tpltext) |
| 260 | if err != nil { | 264 | if err != nil { |