diff options
| -rw-r--r-- | gopherproxy.go | 20 | ||||
| -rw-r--r-- | template.go | 4 | 
2 files changed, 14 insertions, 10 deletions
| diff --git a/gopherproxy.go b/gopherproxy.go index f034cb9..74f33bb 100644 --- a/gopherproxy.go +++ b/gopherproxy.go | |||
| @@ -3,6 +3,7 @@ package gopherproxy | |||
| 3 | import ( | 3 | import ( | 
| 4 | "bytes" | 4 | "bytes" | 
| 5 | "fmt" | 5 | "fmt" | 
| 6 | "html" | ||
| 6 | "html/template" | 7 | "html/template" | 
| 7 | "io" | 8 | "io" | 
| 8 | "io/ioutil" | 9 | "io/ioutil" | 
| @@ -74,9 +75,9 @@ func renderDirectory(w http.ResponseWriter, tpl *template.Template, styletext st | |||
| 74 | } | 75 | } | 
| 75 | 76 | ||
| 76 | return tpl.Execute(w, struct { | 77 | return tpl.Execute(w, struct { | 
| 77 | Title string | 78 | Title string | 
| 78 | Style string | 79 | Style string | 
| 79 | Lines []Item | 80 | Lines []Item | 
| 80 | RawText string | 81 | RawText string | 
| 81 | }{title, styletext, out, ""}) | 82 | }{title, styletext, out, ""}) | 
| 82 | } | 83 | } | 
| @@ -140,7 +141,7 @@ func GopherHandler(tpl *template.Template, robotsdata *robotstxt.RobotsData, sty | |||
| 140 | RawText string | 141 | RawText string | 
| 141 | Lines []Item | 142 | Lines []Item | 
| 142 | }{uri, styletext, buf.String(), nil}) | 143 | }{uri, styletext, buf.String(), nil}) | 
| 143 | } else { | 144 | } else { | 
| 144 | io.Copy(w, res.Body) | 145 | io.Copy(w, res.Body) | 
| 145 | } | 146 | } | 
| 146 | } else { | 147 | } else { | 
| @@ -248,13 +249,16 @@ func ListenAndServe(bind, robotsfile, uri string) error { | |||
| 248 | } | 249 | } | 
| 249 | 250 | ||
| 250 | funcMap := template.FuncMap{ | 251 | funcMap := template.FuncMap{ | 
| 251 | "safeHtml": func(s string) template.HTML { | 252 | "safeHtml": func(s string) template.HTML { | 
| 252 | return template.HTML(s) | 253 | return template.HTML(s) | 
| 253 | }, | 254 | }, | 
| 254 | "safeCss": func(s string) template.CSS { | 255 | "safeCss": func(s string) template.CSS { | 
| 255 | return template.CSS(s) | 256 | return template.CSS(s) | 
| 256 | }, | 257 | }, | 
| 257 | } | 258 | "HTMLEscape": func(s string) string { | 
| 259 | return html.EscapeString(s) | ||
| 260 | }, | ||
| 261 | } | ||
| 258 | 262 | ||
| 259 | tpl, err = template.New("gophermenu").Funcs(funcMap).Parse(tpltext) | 263 | tpl, err = template.New("gophermenu").Funcs(funcMap).Parse(tpltext) | 
| 260 | if err != nil { | 264 | if err != nil { | 
| diff --git a/template.go b/template.go index 32b75be..781d2bb 100644 --- a/template.go +++ b/template.go | |||
| @@ -21,9 +21,9 @@ var tpltext = `<!doctype html> | |||
| 21 | {{- $content = printf "%s\n" $content -}} | 21 | {{- $content = printf "%s\n" $content -}} | 
| 22 | {{- end -}} | 22 | {{- end -}} | 
| 23 | {{- if .Link -}} | 23 | {{- if .Link -}} | 
| 24 | {{- $content = printf "%s%s" $content (printf "<span class=\"link-type\">%s </span><a class=\"link link--%s\" href=\"%s\">%s</a>" .Type .Type .Link .Text) -}} | 24 | {{- $content = printf "%s%s" $content (printf "<span class=\"link-type\">%s </span><a class=\"link link--%s\" href=\"%s\">%s</a>" .Type .Type .Link (.Text | HTMLEscape)) -}} | 
| 25 | {{- else -}} | 25 | {{- else -}} | 
| 26 | {{- $content = printf "%s%s" $content (printf " %s" .Text) -}} | 26 | {{- $content = printf "%s%s" $content (printf " %s" (.Text | HTMLEscape)) -}} | 
| 27 | {{- end -}} | 27 | {{- end -}} | 
| 28 | {{- end -}} | 28 | {{- end -}} | 
| 29 | {{- $content | safeHtml -}} | 29 | {{- $content | safeHtml -}} | 
