
New function encode_html_strict().

default 1 year ago
parent
commit
b1868d85bb
3 changed files with 17 additions and 7 deletions
  1. 10 1
      format.c
  2. 6 6
      html.c
  3. 1 0
      snac.h

+ 10 - 1
format.c

@@ -260,7 +260,7 @@ xs_str *sanitize(const char *content)
 }
 
 
-xs_str *encode_html(const char *str)
+xs_str *encode_html_strict(const char *str)
 /* escapes html characters */
 {
     xs_str *encoded = xs_replace(str, "&", "&");
@@ -269,6 +269,15 @@ xs_str *encode_html(const char *str)
     encoded = xs_replace_i(encoded, "\"", """);
     encoded = xs_replace_i(encoded, "'", "'");
 
+    return encoded;
+}
+
+
+xs_str *encode_html(const char *str)
+/* escapes html characters */
+{
+    xs_str *encoded = encode_html_strict(str);
+
     /* Restore only <br>. Probably safe. Let's hope nothing goes wrong with this. */
     encoded = xs_replace_i(encoded, "&lt;br&gt;", "<br>");
 
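Review bot: Both functions now carry the same comment, `/* escapes html characters */`, so nothing at the definition tells a caller which one fits which output context. I would document encode_html_strict() as `/* escapes all html characters; use where no markup may survive, e.g. the RSS/XML output */` and encode_html() as `/* escapes html characters, then restores literal <br> tags; for HTML page output only */`, and repeat the distinction beside the new prototype in snac.h. The choice matters because encode_html() deliberately re-enables one tag, which is presumably the reason the feed code was moved off it. encode_html()'s body continues past the end of this hunk.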

+ 6 - 6
html.c

@@ -2075,10 +2075,10 @@ int html_get_handler(const xs_dict *req, const char *q_path,
         xs *bio   = not_really_markdown(xs_dict_get(snac.config, "bio"), NULL);
         char *p, *v;
 
-        xs *es1 = encode_html(xs_dict_get(snac.config, "name"));
-        xs *es2 = encode_html(snac.uid);
-        xs *es3 = encode_html(xs_dict_get(srv_config, "host"));
-        xs *es4 = encode_html(bio);
+        xs *es1 = encode_html_strict(xs_dict_get(snac.config, "name"));
+        xs *es2 = encode_html_strict(snac.uid);
+        xs *es3 = encode_html_strict(xs_dict_get(srv_config, "host"));
+        xs *es4 = encode_html_strict(bio);
         rss = xs_fmt(
             "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
             "<rss version=\"0.91\">\n"
@@ -2106,7 +2106,7 @@ int html_get_handler(const xs_dict *req, const char *q_path,
             if (!xs_startswith(id, snac.actor))
                 continue;
 
-            xs *content = sanitize(xs_dict_get(msg, "content"));
+            xs *content = encode_html_strict(xs_dict_get(msg, "content"));
 
             // We SHOULD only use sanitized one for description.
             // So, only encode for feed title, while the description just keep it sanitized as is.
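Review bot: Replacing `sanitize()` with `encode_html_strict()` on the post content trades tag filtering for escaping, and the comment kept directly below still says the description uses the sanitized text. Escaping keeps the XML well-formed, but feed readers commonly decode the description and render it as HTML, so if `content` ends up there (its use is outside this hunk) the markup reaches the reader unfiltered. Keeping both steps would cover it: `xs *clean = sanitize(xs_dict_get(msg, "content"));` followed by `xs *content = encode_html_strict(clean);`. Either way the two `//` comment lines should be rewritten to describe what `content` now holds.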
@@ -2115,7 +2115,7 @@ int html_get_handler(const xs_dict *req, const char *q_path,
             xs *title   = xs_str_new(NULL);
             int i;
 
-            for (i = 0; es_title[i] && es_title[i] != '\n' && i < 50; i++)
+            for (i = 0; es_title[i] && es_title[i] != '\n' && es_title[i] != '&' && i < 50; i++)
                 title = xs_append_m(title, &es_title[i], 1);
 
             xs *s = xs_fmt(
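Review bot: The new `es_title[i] != '&'` condition ends the title at the first escaped character, not only when an entity would straddle the 50-character limit, and no comment says why. With strictly encoded text, any `<`, `>`, `&` or quote early in the post shortens the title, and a string that begins with one yields an empty title. How `es_title` is built is outside this hunk, so confirm that this is acceptable. If the intent is to avoid cutting an entity in half, say so above the loop, e.g. `/* stop at the first '&' so the 50-char cut never splits an entity */`, or copy each entity through its `;` as a unit when it fits within the limit.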

+ 1 - 0
snac.h

@@ -262,6 +262,7 @@ int activitypub_post_handler(const xs_dict *req, const char *q_path,
 
 xs_str *not_really_markdown(const char *content, xs_list **attach);
 xs_str *sanitize(const char *content);
+xs_str *encode_html_strict(const char *str);
 xs_str *encode_html(const char *str);
 
 xs_str *html_timeline(snac *user, const xs_list *list, int local, int skip, int show, int show_more);