code.ivysaur.me/yatwiki
1
0
Fork 0
Code Issues Pull Requests Releases Activity

bbcode: properly unhesc content before applying url escaping

Browse Source
This commit is contained in:
mappu 2018-04-02 18:10:51 +12:00
parent b080a6f017
commit 0fb52800f7
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bbcode.go
View File

@ -77,7 +77,10 @@ func (this *BBCodeRenderer) bbcode(data string) string {
pregReplaceRule{regexp.MustCompile(`(?si)\[\*\]`), `</li><li>`}, pregReplaceRule{regexp.MustCompile(`(?si)\[\*\]`), `</li><li>`},
pregReplaceRule{regexp.MustCompile(`(?si)\[url=(.*?)\](.*?)\[/url\]`), `<a rel="noreferrer" href="$1">$2</a>`}, pregReplaceRule{regexp.MustCompile(`(?si)\[url=(.*?)\](.*?)\[/url\]`), `<a rel="noreferrer" href="$1">$2</a>`},
pregReplaceFunc{regexp.MustCompile(`(?si)\[article=(.*?)\](.*?)\[/article\]`), func(m []string) string { pregReplaceFunc{regexp.MustCompile(`(?si)\[article=(.*?)\](.*?)\[/article\]`), func(m []string) string {
return `<a href="` + template.HTMLEscapeString(this.baseUrl+`view/`+url.PathEscape(m[1])) + `">` + m[2] + `</a>` // m[1] has already been hesc'd
// Need to unhesc, and then pathescape
targetArticle := html.UnescapeString(m[1])
return `<a href="` + template.HTMLEscapeString(this.baseUrl+`view/`+url.PathEscape(targetArticle)) + `">` + m[2] + `</a>`
}}, }},
pregReplaceFunc{regexp.MustCompile(`(?si)\[rev=(.*?)\](.*?)\[/rev\]`), func(m []string) string { pregReplaceFunc{regexp.MustCompile(`(?si)\[rev=(.*?)\](.*?)\[/rev\]`), func(m []string) string {
return `<a href="` + template.HTMLEscapeString(this.baseUrl+`archive/`+url.PathEscape(m[1])) + `">` + m[2] + `</a>` return `<a href="` + template.HTMLEscapeString(this.baseUrl+`archive/`+url.PathEscape(m[1])) + `">` + m[2] + `</a>`