Fix search query escaping
parent
9c5cb289f9
commit
7d989d56e5
@ -2,7 +2,6 @@ package renderer
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
htemplate "html/template"
|
|
||||||
"io"
|
"io"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -146,7 +145,6 @@ func NewRenderer(templateGlobPattern string) (r *renderer, err error) {
|
||||||
"FormatTimeRFC3339": formatTimeRFC3339,
|
"FormatTimeRFC3339": formatTimeRFC3339,
|
||||||
"FormatTimeRFC822": formatTimeRFC822,
|
"FormatTimeRFC822": formatTimeRFC822,
|
||||||
"WithContext": withContext,
|
"WithContext": withContext,
|
||||||
"HTMLEscape": htemplate.HTMLEscapeString,
|
|
||||||
}).ParseGlob(templateGlobPattern)
|
}).ParseGlob(templateGlobPattern)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"mime/multipart"
|
"mime/multipart"
|
||||||
|
"html/template"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
@ -589,18 +590,19 @@ func (svc *service) ServeUserSearchPage(c *model.Client,
|
||||||
|
|
||||||
if len(results.Statuses) == 20 {
|
if len(results.Statuses) == 20 {
|
||||||
offset += 20
|
offset += 20
|
||||||
nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id, q, offset)
|
nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id, url.QueryEscape(q), offset)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
qq := template.HTMLEscapeString(q)
|
||||||
if len(q) > 0 {
|
if len(q) > 0 {
|
||||||
title += " \"" + q + "\""
|
title += " \"" + qq + "\""
|
||||||
}
|
}
|
||||||
|
|
||||||
commonData := svc.getCommonData(c, title)
|
commonData := svc.getCommonData(c, title)
|
||||||
data := &renderer.UserSearchData{
|
data := &renderer.UserSearchData{
|
||||||
CommonData: commonData,
|
CommonData: commonData,
|
||||||
User: user,
|
User: user,
|
||||||
Q: q,
|
Q: qq,
|
||||||
Statuses: results.Statuses,
|
Statuses: results.Statuses,
|
||||||
NextLink: nextLink,
|
NextLink: nextLink,
|
||||||
}
|
}
|
||||||
|
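Review bot: In the rebuilt link `nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id, url.QueryEscape(q), offset)` only q is escaped; `id` is still interpolated raw into the path segment, so a value containing `/`, `?` or `#` would change the structure of the link. Where `id` comes from is outside the hunk; if it is taken from the request rather than a validated route match, `url.PathEscape(id)` belongs there. The same pattern is in the ServeSearchPage hunk, where `qType` goes into `/search?q=%s&type=%s&offset=%d` unescaped even though the surrounding condition only compares it against "accounts" and "statuses"; `url.QueryEscape(qType)` closes that gap. The enclosing handler starts and ends outside this hunk.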
@ -649,17 +651,18 @@ func (svc *service) ServeSearchPage(c *model.Client,
|
||||||
if (qType == "accounts" && len(results.Accounts) == 20) ||
|
if (qType == "accounts" && len(results.Accounts) == 20) ||
|
||||||
(qType == "statuses" && len(results.Statuses) == 20) {
|
(qType == "statuses" && len(results.Statuses) == 20) {
|
||||||
offset += 20
|
offset += 20
|
||||||
nextLink = fmt.Sprintf("/search?q=%s&type=%s&offset=%d", q, qType, offset)
|
nextLink = fmt.Sprintf("/search?q=%s&type=%s&offset=%d", url.QueryEscape(q), qType, offset)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
qq := template.HTMLEscapeString(q)
|
||||||
if len(q) > 0 {
|
if len(q) > 0 {
|
||||||
title += " \"" + q + "\""
|
title += " \"" + qq + "\""
|
||||||
}
|
}
|
||||||
|
|
||||||
commonData := svc.getCommonData(c, title)
|
commonData := svc.getCommonData(c, title)
|
||||||
data := &renderer.SearchData{
|
data := &renderer.SearchData{
|
||||||
CommonData: commonData,
|
CommonData: commonData,
|
||||||
Q: q,
|
Q: qq,
|
||||||
Type: qType,
|
Type: qType,
|
||||||
Users: results.Accounts,
|
Users: results.Accounts,
|
||||||
Statuses: results.Statuses,
|
Statuses: results.Statuses,
|
||||||
|
|
|
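Review bot: `qq := template.HTMLEscapeString(q)` turns the model field `Q` into pre-escaped HTML, but nothing at this call site or on `renderer.SearchData` records that, so the next reader cannot tell whether `Q` holds raw input or markup. This renders correctly only if the renderer executes these templates with text/template (the `htemplate` alias in the renderer's import hunk suggests `template` there is text/template, but that is not visible here); under html/template the value would be escaped twice. A comment on the `qq :=` line such as `// qq is HTML-escaped once here because the templates are rendered without auto-escaping; Q and title must only be emitted in HTML text or attribute context.`, with a matching note on the `Q` field of `SearchData` and `UserSearchData`, would make the contract explicit. The enclosing handler starts and ends outside this hunk.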
@ -5,7 +5,7 @@
|
||||||
<form class="search-form" action="/search" method="GET">
|
<form class="search-form" action="/search" method="GET">
|
||||||
<span class="post-form-field">
|
<span class="post-form-field">
|
||||||
<label for="query"> Query </label>
|
<label for="query"> Query </label>
|
||||||
<input id="query" name="q" value="{{.Q | HTMLEscape}}">
|
<input id="query" name="q" value="{{.Q}}">
|
||||||
</span>
|
</span>
|
||||||
<span class="post-form-field">
|
<span class="post-form-field">
|
||||||
<label for="type"> Type </label>
|
<label for="type"> Type </label>
|
||||||
|
|
|
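Review bot: `value="{{.Q}}"` now depends on the handler having already HTML-escaped `.Q`, and the template no longer says so, so a later edit that pipes it through an escaping function again, or places it in an `href`, would silently double-escape or mis-escape it. A template comment next to the input, `{{/* .Q is already HTML-escaped by the handler; do not escape it again */}}`, documents that dependency. The usersearch template hunk changes the same line and needs the same note.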
@ -5,7 +5,7 @@
|
||||||
<form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
|
<form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
|
||||||
<span class="post-form-field>
|
<span class="post-form-field>
|
||||||
<label for="query"> Query </label>
|
<label for="query"> Query </label>
|
||||||
<input id="query" name="q" value="{{.Q | HTMLEscape}}">
|
<input id="query" name="q" value="{{.Q}}">
|
||||||
</span>
|
</span>
|
||||||
<button type="submit"> Search </button>
|
<button type="submit"> Search </button>
|
||||||
</form>
|
</form>
|
||||||
|
|
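Review bot: The context line above the changed input, `<span class="post-form-field>`, is missing the closing quote of its class attribute, so the attribute value runs on into the rest of the tag. This predates the commit, but it sits in the same block as the change to `value="{{.Q}}"` and is a one-character fix to `<span class="post-form-field">`. The search template hunk has the correct quoting.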