Escape expressions in @Html (#767)

KITAITI Makoto 2020-05-06 06:48:29 +09:00 committed by GitHub
parent 180e34b07c
commit dabe904642
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -40,7 +40,7 @@
<div class="article-info" dir="auto">
<span class="author">
@Html(i18n!(ctx.1, "Written by {0}"; format!("<a href=\"{}\">{}</a>",
uri!(user::details: name = &author.fqn),
escape(&uri!(user::details: name = &author.fqn).to_string()),
escape(&author.name()))))
</span>
&mdash;
@ -103,8 +103,8 @@
</section>
} else {
<p class="center">@Html(i18n!(ctx.1, "{0}Log in{1}, or {2}use your Fediverse account{3} to interact with this article";
format!("<a href='{}'>", uri!(session::new: m = _)), "</a>",
format!("<a href='{}'>", uri!(posts::remote_interact: blog_name = &blog.fqn, slug = &article.slug)), "</a>"
format!("<a href='{}'>", escape(&uri!(session::new: m = _).to_string())), "</a>",
format!("<a href='{}'>", escape(&uri!(posts::remote_interact: blog_name = &blog.fqn, slug = &article.slug).to_string())), "</a>"
))
</p>
<section class="actions">
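Review bot: The two `href` values in the second hunk are interpolated into single-quoted attributes (`<a href='{}'>`), so the fix only holds there if `escape` encodes `'` as well as `"`, `<`, `>` and `&`. Its definition is not visible on this page, so that should be confirmed or pinned by a test that renders a `blog.fqn` or `article.slug` containing a quote character. Switching these two links to the double-quoted form already used in the first hunk, e.g. `format!("<a href=\"{}\">", escape(&uri!(session::new: m = _).to_string()))`, would make every call site rely on the same escaping guarantee. Since `@Html(...)` appears to emit its argument without the template's automatic escaping, a template comment above each call with the text `every value formatted into this @Html string must pass through escape()` would help keep later edits from reintroducing a raw value.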