standardise html-escaping functions

This commit is contained in:
mappu 2017-12-10 12:08:22 +13:00
parent 693f541934
commit 8a452c0fa6

View File

@ -4,7 +4,6 @@ import (
"bufio"
"fmt"
"html"
"html/template"
"io/ioutil"
"math"
"net/http"
@ -74,7 +73,7 @@ func (this *ArchiveState) renderView(w http.ResponseWriter) {
output := ""
for i := startLine; i < endLine; i += 1 {
output += template.HTMLEscapeString(lines[i]) + "<br>\n"
output += html.EscapeString(lines[i]) + "<br>\n"
}
this.renderTemplate(w, []byte(output))
@ -132,7 +131,7 @@ func (this *ArchiveState) renderSearch(w http.ResponseWriter) {
lineNo := i % this.svr.cfg.LinesPerPage
url := fmt.Sprintf(`/%s/%d/%d/page-%d#line-%d`, this.logBestSlug, ympair.Year, ympair.Month, page, lineNo)
w.Write([]byte(`<li><a href="` + template.HTMLEscapeString(url) + `">&raquo;</a> ` + template.HTMLEscapeString(scanner.Text()) + `</li>`))
w.Write([]byte(`<li><a href="` + html.EscapeString(url) + `">&raquo;</a> ` + html.EscapeString(scanner.Text()) + `</li>`))
}
}()
@ -141,7 +140,7 @@ func (this *ArchiveState) renderSearch(w http.ResponseWriter) {
w.Write([]byte(`</ul>`))
if totalResults == 0 {
w.Write([]byte(`No search results for &quot;<em>` + template.HTMLEscapeString(this.query) + `</em>&quot;`))
w.Write([]byte(`No search results for &quot;<em>` + html.EscapeString(this.query) + `</em>&quot;`))
} else {
w.Write([]byte(`<br><em>Found ` + fmt.Sprintf("%d", totalResults) + ` total result(s).</em><br><br>`))
}
@ -151,7 +150,7 @@ func (this *ArchiveState) renderSearch(w http.ResponseWriter) {
// renderError renders a plain text string, escaping it for HTML use.
func (this *ArchiveState) renderError(w http.ResponseWriter, msg string) {
this.renderTemplate(w, []byte(template.HTMLEscapeString(msg)))
this.renderTemplate(w, []byte(html.EscapeString(msg)))
}
func (this *ArchiveState) renderTemplate(w http.ResponseWriter, body []byte) {
@ -177,7 +176,7 @@ func (this *ArchiveState) renderTemplateHead(w http.ResponseWriter) {
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<title>` + template.HTMLEscapeString(title) + `</title>
<title>` + html.EscapeString(title) + `</title>
<link rel="stylesheet" type="text/css" href="/style.css">
</head>
<body>
@ -206,7 +205,7 @@ func (this *ArchiveState) renderTemplateHead(w http.ResponseWriter) {
slug, _ := this.svr.bestSlugFor(&this.svr.cfg.Logs[i])
current := (this.log == &this.svr.cfg.Logs[i])
w.Write([]byte(`<option value="` + template.HTMLEscapeString(slug) + `" ` + attr(current, "selected") + `>` + template.HTMLEscapeString(h.Description) + `</option>`))
w.Write([]byte(`<option value="` + html.EscapeString(slug) + `" ` + attr(current, "selected") + `>` + html.EscapeString(h.Description) + `</option>`))
}
w.Write([]byte(`
@ -218,7 +217,7 @@ func (this *ArchiveState) renderTemplateHead(w http.ResponseWriter) {
w.Write([]byte(`
<form method="GET">
<input type="hidden" name="h" value="` + template.HTMLEscapeString(this.logBestSlug) + `">
<input type="hidden" name="h" value="` + html.EscapeString(this.logBestSlug) + `">
<select id="seldate" onchange="setYM(this);">
`))
@ -235,7 +234,7 @@ func (this *ArchiveState) renderTemplateHead(w http.ResponseWriter) {
lastY = ympair.Year
}
w.Write([]byte(fmt.Sprintf(`<option value="%d-%d" %s>%s</option>`, ympair.Year, ympair.Month, attr(ympair.Equals(this.ym), "selected"), template.HTMLEscapeString(ympair.Month.String()))))
w.Write([]byte(fmt.Sprintf(`<option value="%d-%d" %s>%s</option>`, ympair.Year, ympair.Month, attr(ympair.Equals(this.ym), "selected"), html.EscapeString(ympair.Month.String()))))
}
//
@ -285,8 +284,8 @@ func (this *ArchiveState) renderTemplateHead(w http.ResponseWriter) {
<span class="area-search">
<form method="GET">
<input type="hidden" name="h" value="` + template.HTMLEscapeString(this.logBestSlug) + `">
<input type="text" id="searchbox" name="q" value="` + template.HTMLEscapeString(this.query) + `" placeholder="Search..." accesskey="m" title="Search (Alt+M)">
<input type="hidden" name="h" value="` + html.EscapeString(this.logBestSlug) + `">
<input type="text" id="searchbox" name="q" value="` + html.EscapeString(this.query) + `" placeholder="Search..." accesskey="m" title="Search (Alt+M)">
<input type="submit" value="&raquo;">
<input type="checkbox" class="layout-pushdown" name="rx" value="1" title="PCRE Regular Expression" ` + attr(this.queryIsRegex, "checked") + `>
</form>