diff options
| author | Feuerfuchs <git@feuerfuchs.dev> | 2019-06-17 15:27:14 +0200 |
|---|---|---|
| committer | Feuerfuchs <git@feuerfuchs.dev> | 2019-06-17 15:27:14 +0200 |
| commit | d768bc93bcd0087925bcdc878456bf0016a84fc8 (patch) | |
| tree | 5f2d4ca249e8f5668c849dab0151a621a7b6c54c /template.go | |
| parent | Fix indent bug (diff) | |
| download | gopherproxy-d768bc93bcd0087925bcdc878456bf0016a84fc8.tar.gz gopherproxy-d768bc93bcd0087925bcdc878456bf0016a84fc8.tar.bz2 gopherproxy-d768bc93bcd0087925bcdc878456bf0016a84fc8.zip | |
Fix for unescaped HTML
Diffstat (limited to 'template.go')
| -rw-r--r-- | template.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/template.go b/template.go index 32b75be..781d2bb 100644 --- a/template.go +++ b/template.go | |||
| @@ -21,9 +21,9 @@ var tpltext = `<!doctype html> | |||
| 21 | {{- $content = printf "%s\n" $content -}} | 21 | {{- $content = printf "%s\n" $content -}} |
| 22 | {{- end -}} | 22 | {{- end -}} |
| 23 | {{- if .Link -}} | 23 | {{- if .Link -}} |
| 24 | {{- $content = printf "%s%s" $content (printf "<span class=\"link-type\">%s </span><a class=\"link link--%s\" href=\"%s\">%s</a>" .Type .Type .Link .Text) -}} | 24 | {{- $content = printf "%s%s" $content (printf "<span class=\"link-type\">%s </span><a class=\"link link--%s\" href=\"%s\">%s</a>" .Type .Type .Link (.Text | HTMLEscape)) -}} |
| 25 | {{- else -}} | 25 | {{- else -}} |
| 26 | {{- $content = printf "%s%s" $content (printf " %s" .Text) -}} | 26 | {{- $content = printf "%s%s" $content (printf " %s" (.Text | HTMLEscape)) -}} |
| 27 | {{- end -}} | 27 | {{- end -}} |
| 28 | {{- end -}} | 28 | {{- end -}} |
| 29 | {{- $content | safeHtml -}} | 29 | {{- $content | safeHtml -}} |