From dabe9046423fdd023c4ba38040e2b5a6e3a96f13 Mon Sep 17 00:00:00 2001
From: KITAITI Makoto
Date: Wed, 6 May 2020 06:48:29 +0900
Subject: [PATCH] Escape expressions in @Html (#767)
---
 templates/posts/details.rs.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/templates/posts/details.rs.html b/templates/posts/details.rs.html
index 7d689d98..54482ed6 100644
--- a/templates/posts/details.rs.html
+++ b/templates/posts/details.rs.html
@@ -40,7 +40,7 @@
@Html(i18n!(ctx.1, "Written by {0}"; format!("{}",
- uri!(user::details: name = &author.fqn),
+ escape(&uri!(user::details: name = &author.fqn).to_string()),
 escape(&author.name())))) —
@@ -103,8 +103,8 @@ } else {

@Html(i18n!(ctx.1, "{0}Log in{1}, or {2}use your Fediverse account{3} to interact with this article";
- format!("", uri!(session::new: m = _)), "",
- format!("", uri!(posts::remote_interact: blog_name = &blog.fqn, slug = &article.slug)), ""
+ format!("", escape(&uri!(session::new: m = _).to_string())), "",
+ format!("", escape(&uri!(posts::remote_interact: blog_name = &blog.fqn, slug = &article.slug).to_string())), ""
 ))
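Review bot: The three `escape(&uri!(…).to_string())` calls in this hunk and the one at line 40 only protect the links if the attribute they are formatted into is quoted and `escape` encodes `"` and `'` as well as `<`, `>` and `&`. Neither the format strings (blank in this view) nor the definition of `escape` is visible here, so both are worth confirming. Because `@Html` emits its argument without the template's auto-escaping, I would add a comment above each call, for example `@* @Html emits raw markup: every interpolated value must pass through escape() *@`, so the next argument added gets the same treatment. The string returned by `i18n!` is still written out raw, which means the translation catalogue is trusted as HTML and should be reviewed as such. Both template blocks start and end outside the hunks.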