From d768bc93bcd0087925bcdc878456bf0016a84fc8 Mon Sep 17 00:00:00 2001
From: Feuerfuchs
Date: Mon, 17 Jun 2019 15:27:14 +0200
Subject: Fix for unescaped HTML
---
 gopherproxy.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
(limited to 'gopherproxy.go')
diff --git a/gopherproxy.go b/gopherproxy.go
index f034cb9..74f33bb 100644
--- a/gopherproxy.go
+++ b/gopherproxy.go
@@ -3,6 +3,7 @@ package gopherproxy
 import (
 "bytes"
 "fmt"
+ "html"
 "html/template"
 "io"
 "io/ioutil"
@@ -74,9 +75,9 @@ func renderDirectory(w http.ResponseWriter, tpl *template.Template, styletext st
 }
 return tpl.Execute(w, struct {
- Title string
- Style string
- Lines []Item
+ Title string
+ Style string
+ Lines []Item
 RawText string
 }{title, styletext, out, ""})
 }
@@ -140,7 +141,7 @@ func GopherHandler(tpl *template.Template, robotsdata *robotstxt.RobotsData, sty
 RawText string
 Lines []Item
 }{uri, styletext, buf.String(), nil})
- } else {
+ } else {
 io.Copy(w, res.Body)
 }
 } else {
@@ -248,13 +249,16 @@ func ListenAndServe(bind, robotsfile, uri string) error {
 }
 funcMap := template.FuncMap{
- "safeHtml": func(s string) template.HTML {
- return template.HTML(s)
- },
+ "safeHtml": func(s string) template.HTML {
+ return template.HTML(s)
+ },
 "safeCss": func(s string) template.CSS {
 return template.CSS(s)
 },
- }
+ "HTMLEscape": func(s string) string {
+ return html.EscapeString(s)
+ },
+ }
 tpl, err = template.New("gophermenu").Funcs(funcMap).Parse(tpltext)
 if err != nil {
--
cgit v1.2.3-54-g00ecf
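Review bot: In the `ListenAndServe` hunk, `HTMLEscape` returns a plain `string`, so html/template's contextual autoescaping will escape its output a second time wherever it is used on its own; it only takes effect when piped into `safeHtml`, which stays registered and still casts any string to `template.HTML`. The template text (`tpltext`) is outside this diff, so whether every gopher-supplied field is escaped before that cast cannot be confirmed from here. I would document the contract next to the map, e.g. `// safeHtml bypasses autoescaping: pass it only HTMLEscape output or markup built by this package.`, and check that no call site in `tpltext` applies `safeHtml` to raw item text. `html.EscapeString` covers HTML text and quoted attribute values only, so values placed in `href` or similar should stay on the template's own URL-context escaping rather than the `safeHtml` path. The body of `ListenAndServe` begins and ends outside the hunk.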