From 469f2d1d25f0b266abb15eab410131ebe1856aad Mon Sep 17 00:00:00 2001
From: r
Date: Fri, 23 Apr 2021 10:19:09 +0000
Subject: [PATCH] Fix HTML escaping
---
 service/service.go | 11 ++++-------
 templates/header.tmpl | 2 +-
 templates/search.tmpl | 2 +-
 templates/status.tmpl | 6 +++---
 templates/usersearch.tmpl | 2 +-
 5 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/service/service.go b/service/service.go
index 5d80c28..d548342 100644
--- a/service/service.go
+++ b/service/service.go
@@ -3,7 +3,6 @@ package service
 import (
 "errors"
 "fmt"
- "html/template"
 "mime/multipart"
 "net/url"
 "strings"
@@ -560,16 +559,15 @@ func (s *service) UserSearchPage(c *client,
 url.QueryEscape(q), offset)
 }
- qq := template.HTMLEscapeString(q)
 if len(q) > 0 {
- title += " \"" + qq + "\""
+ title += " \"" + q + "\""
 }
 cdata := s.cdata(c, title, 0, 0, "")
 data := &renderer.UserSearchData{
 CommonData: cdata,
 User: user,
- Q: qq,
+ Q: q,
 Statuses: results.Statuses,
 NextLink: nextLink,
 }
@@ -620,15 +618,14 @@ func (s *service) SearchPage(c *client,
 url.QueryEscape(q), qType, offset)
 }
- qq := template.HTMLEscapeString(q)
 if len(q) > 0 {
- title += " \"" + qq + "\""
+ title += " \"" + q + "\""
 }
 cdata := s.cdata(c, title, 0, 0, "")
 data := &renderer.SearchData{
 CommonData: cdata,
- Q: qq,
+ Q: q,
 Type: qType,
 Users: results.Accounts,
 Statuses: results.Statuses,
diff --git a/templates/header.tmpl b/templates/header.tmpl
index 1abb6dd..8eb53f6 100644
--- a/templates/header.tmpl
+++ b/templates/header.tmpl
@@ -17,7 +17,7 @@
 {{if .RefreshInterval}} {{end}}
- {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}}
+ {{if gt .Count 0}}({{.Count}}){{end}} {{.Title | html}}
 {{if .CustomCSS}}
diff --git a/templates/search.tmpl b/templates/search.tmpl
index 0473d4a..7338cad 100644
--- a/templates/search.tmpl
+++ b/templates/search.tmpl
@@ -5,7 +5,7 @@
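Review bot: `title` and `Q` now carry the raw query string in both UserSearchPage and SearchPage (the two hunks are identical in this respect), so nothing on the Go side marks these fields as unescaped and safety rests on every template remembering `| html`. The explicit `| html` pipes added in this patch suggest the templates are rendered with text/template rather than html/template, though the renderer is not visible here; if so, html/template would give contextual auto-escaping instead of per-field discipline. At minimum, add a comment above each assignment such as `// q is raw user input; templates must escape .Q and .Title on output`. Because header.tmpl now escapes `.Title` for every page, any other caller of `s.cdata` that still pre-escapes its title would be double-escaped, which is worth checking outside this diff. Both function bodies begin and end outside their hunks.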
-
+
diff --git a/templates/status.tmpl b/templates/status.tmpl
index d6bfedf..7dcc0b6 100644
--- a/templates/status.tmpl
+++ b/templates/status.tmpl
@@ -88,7 +88,7 @@
 {{end}} {{if .Content}}
-
{{StatusContentFilter .SpoilerText .Content .Emojis .Mentions}}
+
{{StatusContentFilter (html .SpoilerText) .Content .Emojis .Mentions}}
{{end}} {{if .MediaAttachments}}
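Review bot: Only `.SpoilerText` is escaped before it reaches `StatusContentFilter`; `.Content`, `.Emojis` and `.Mentions` are still passed in as they arrive, and the filter's result is written to the page without further escaping. That is presumably intentional because status content is HTML produced by the instance, but it means the page trusts the remote server's sanitisation and whatever the filter interpolates from the emoji and mention records; the filter itself is not in this diff. A template comment would record the contract: `{{/* .Content is server-supplied HTML and is emitted as-is; .SpoilerText is plain text and must be escaped before filtering */}}`. The surrounding element's markup is missing from this page, so the context around this call could not be checked.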
@@ -153,12 +153,12 @@ {{range $i, $o := .Poll.Options}}
{{if (or $s.Poll.Expired $s.Poll.Voted)}} -
{{EmojiFilter $o.Title $s.Emojis}} - {{$o.VotesCount}} votes
+
{{EmojiFilter $o.Title $s.Emojis | html}} - {{$o.VotesCount}} votes
{{else}} {{end}}
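Review bot: `{{EmojiFilter $o.Title $s.Emojis | html}}` escapes the filter's output, whereas the earlier hunk in this file escapes the input with `(html .SpoilerText)` before filtering. If `EmojiFilter` replaces shortcodes with image markup, as its name suggests, the pipe will turn that markup into literal text in the poll results; the filter's body is not visible here, so this is inferred. Escaping the argument instead keeps both call sites consistent: `{{EmojiFilter (html $o.Title) $s.Emojis}}`. The `{{else}}` branch presumably renders the option title as well, but its markup is missing from this page, so confirm it is escaped too.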
diff --git a/templates/usersearch.tmpl b/templates/usersearch.tmpl
index 3f42f28..ee84143 100644
--- a/templates/usersearch.tmpl
+++ b/templates/usersearch.tmpl
@@ -5,7 +5,7 @@ Query
-
+