HTML Escape search queries
This commit is contained in:
parent
051908cfb7
commit
1ae3c33b7d
|
@ -2,6 +2,7 @@ package renderer
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
htemplate "html/template"
|
||||||
"io"
|
"io"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -145,6 +146,7 @@ func NewRenderer(templateGlobPattern string) (r *renderer, err error) {
|
||||||
"FormatTimeRFC3339": formatTimeRFC3339,
|
"FormatTimeRFC3339": formatTimeRFC3339,
|
||||||
"FormatTimeRFC822": formatTimeRFC822,
|
"FormatTimeRFC822": formatTimeRFC822,
|
||||||
"WithContext": withContext,
|
"WithContext": withContext,
|
||||||
|
"HTMLEscape": htemplate.HTMLEscapeString,
|
||||||
}).ParseGlob(templateGlobPattern)
|
}).ParseGlob(templateGlobPattern)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<form class="search-form" action="/search" method="GET">
|
<form class="search-form" action="/search" method="GET">
|
||||||
<span class="post-form-field>
|
<span class="post-form-field>
|
||||||
<label for="query"> Query </label>
|
<label for="query"> Query </label>
|
||||||
<input id="query" name="q" value="{{.Q}}">
|
<input id="query" name="q" value="{{.Q | HTMLEscape}}">
|
||||||
</span>
|
</span>
|
||||||
<span class="post-form-field>
|
<span class="post-form-field>
|
||||||
<label for="type"> Type </label>
|
<label for="type"> Type </label>
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
|
<form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
|
||||||
<span class="post-form-field>
|
<span class="post-form-field>
|
||||||
<label for="query"> Query </label>
|
<label for="query"> Query </label>
|
||||||
<input id="query" name="q" value="{{.Q}}">
|
<input id="query" name="q" value="{{.Q | HTMLEscape}}">
|
||||||
</span>
|
</span>
|
||||||
<button type="submit"> Search </button>
|
<button type="submit"> Search </button>
|
||||||
</form>
|
</form>
|
||||||
|
|
Loading…
Reference in New Issue