monkee.ch/snac2
1
0
Fork 0
mirror of https://codeberg.org/grunfink/snac2.git synced 2024-11-22 21:35:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

New function encode_html_strict().

Browse source
This commit is contained in:
default 2023-10-04 18:19:38 +02:00
parent 9e87652571
commit b1868d85bb
3 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
format.c
View file

@ -260,7 +260,7 @@ xs_str *sanitize(const char *content)
} }
xs_str *encode_html(const char *str) xs_str *encode_html_strict(const char *str)
/* escapes html characters */ /* escapes html characters */
{ {
xs_str *encoded = xs_replace(str, "&", "&"); xs_str *encoded = xs_replace(str, "&", "&");
@ -269,6 +269,15 @@ xs_str *encode_html(const char *str)
encoded = xs_replace_i(encoded, "\"", """); encoded = xs_replace_i(encoded, "\"", """);
encoded = xs_replace_i(encoded, "'", "'"); encoded = xs_replace_i(encoded, "'", "'");
return encoded;
}
xs_str *encode_html(const char *str)
/* escapes html characters */
{
xs_str *encoded = encode_html_strict(str);
/* Restore only <br>. Probably safe. Let's hope nothing goes wrong with this. */ /* Restore only <br>. Probably safe. Let's hope nothing goes wrong with this. */
encoded = xs_replace_i(encoded, "&lt;br&gt;", "<br>"); encoded = xs_replace_i(encoded, "&lt;br&gt;", "<br>");

12
html.c
View file

@ -2075,10 +2075,10 @@ int html_get_handler(const xs_dict *req, const char *q_path,
xs *bio = not_really_markdown(xs_dict_get(snac.config, "bio"), NULL); xs *bio = not_really_markdown(xs_dict_get(snac.config, "bio"), NULL);
char *p, *v; char *p, *v;
xs *es1 = encode_html(xs_dict_get(snac.config, "name")); xs *es1 = encode_html_strict(xs_dict_get(snac.config, "name"));
xs *es2 = encode_html(snac.uid); xs *es2 = encode_html_strict(snac.uid);
xs *es3 = encode_html(xs_dict_get(srv_config, "host")); xs *es3 = encode_html_strict(xs_dict_get(srv_config, "host"));
xs *es4 = encode_html(bio); xs *es4 = encode_html_strict(bio);
rss = xs_fmt( rss = xs_fmt(
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
"<rss version=\"0.91\">\n" "<rss version=\"0.91\">\n"
@ -2106,7 +2106,7 @@ int html_get_handler(const xs_dict *req, const char *q_path,
if (!xs_startswith(id, snac.actor)) if (!xs_startswith(id, snac.actor))
continue; continue;
xs *content = sanitize(xs_dict_get(msg, "content")); xs *content = encode_html_strict(xs_dict_get(msg, "content"));
// We SHOULD only use sanitized one for description. // We SHOULD only use sanitized one for description.
// So, only encode for feed title, while the description just keep it sanitized as is. // So, only encode for feed title, while the description just keep it sanitized as is.
@ -2115,7 +2115,7 @@ int html_get_handler(const xs_dict *req, const char *q_path,
xs *title = xs_str_new(NULL); xs *title = xs_str_new(NULL);
int i; int i;
for (i = 0; es_title[i] && es_title[i] != '\n' && i < 50; i++) for (i = 0; es_title[i] && es_title[i] != '\n' && es_title[i] != '&' && i < 50; i++)
title = xs_append_m(title, &es_title[i], 1); title = xs_append_m(title, &es_title[i], 1);
xs *s = xs_fmt( xs *s = xs_fmt(

1
snac.h
View file

@ -262,6 +262,7 @@ int activitypub_post_handler(const xs_dict *req, const char *q_path,
xs_str *not_really_markdown(const char *content, xs_list **attach); xs_str *not_really_markdown(const char *content, xs_list **attach);
xs_str *sanitize(const char *content); xs_str *sanitize(const char *content);
xs_str *encode_html_strict(const char *str);
xs_str *encode_html(const char *str); xs_str *encode_html(const char *str);
xs_str *html_timeline(snac *user, const xs_list *list, int local, int skip, int show, int show_more); xs_str *html_timeline(snac *user, const xs_list *list, int local, int skip, int show, int show_more);