diff options
| author | Robert Griesemer <gri@golang.org> | 2011-08-15 15:15:54 -0700 |
|---|---|---|
| committer | Robert Griesemer <gri@golang.org> | 2011-08-15 15:15:54 -0700 |
| commit | 91fadbca17ac7e79bc60684c9f4d64c3892398e1 (patch) | |
| tree | 87a70affe8fc71f7da042974ae3f82f12a5e09e2 | |
| parent | 9f677f91d19321bb663f337f015b253794c338a8 (diff) | |
| download | go-91fadbca17ac7e79bc60684c9f4d64c3892398e1.tar.gz go-91fadbca17ac7e79bc60684c9f4d64c3892398e1.zip | |
godoc: fix escaping in templates
- HTML-escape URL paths
- URL-escape URL parameters
R=bradfitz
CC=golang-dev
https://golang.org/cl/4890041
| -rw-r--r-- | lib/godoc/codewalkdir.html | 7 | ||||
| -rw-r--r-- | lib/godoc/dirlist.html | 3 | ||||
| -rw-r--r-- | lib/godoc/search.html | 25 | ||||
| -rw-r--r-- | src/cmd/godoc/godoc.go | 2 |
4 files changed, 20 insertions, 17 deletions
diff --git a/lib/godoc/codewalkdir.html b/lib/godoc/codewalkdir.html index 6fe1a0565a..2d81d9cc4d 100644 --- a/lib/godoc/codewalkdir.html +++ b/lib/godoc/codewalkdir.html @@ -7,9 +7,10 @@ <table class="layout"> {{range .}} <tr> - <td><a href="{{html .Name}}">{{html .Name}}</a></td> - <td width="25"> </td> - <td>{{html .Title}}</td> + {{$name := html .Name}} + <td><a href="{{$name}}">{{$name}}</a></td> + <td width="25"> </td> + <td>{{html .Title}}</td> </tr> {{end}} </table> diff --git a/lib/godoc/dirlist.html b/lib/godoc/dirlist.html index 422397e522..841e474e21 100644 --- a/lib/godoc/dirlist.html +++ b/lib/godoc/dirlist.html @@ -18,7 +18,8 @@ </tr> {{range .}} <tr> - <td align="left"><a href="{{.|fileInfoName|html}}">{{.|fileInfoName|html}}</a></td> + {{$name := .|fileInfoName|html}} + <td align="left"><a href="{{$name}}">{{$name}}</a></td> <td></td> <td align="right">{{html .Size}}</td> <td></td> diff --git a/lib/godoc/search.html b/lib/godoc/search.html index 946160cf53..776becda2e 100644 --- a/lib/godoc/search.html +++ b/lib/godoc/search.html @@ -3,6 +3,7 @@ Use of this source code is governed by a BSD-style license that can be found in the LICENSE file. --> +{{$query := urlquery .Query}} {{with .Alert}} <p> <span class="alert" style="font-size:120%">{{html .}}</span> @@ -20,13 +21,13 @@ {{with .Decls}} <h2 id="Global">Package-level declarations</h2> {{range .}} - {{$pkg := pkgLink .Pak.Path}} - <h3 id="Global_{{html $pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3> + {{$pkg := pkgLink .Pak.Path | html}} + <h3 id="Global_{{$pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3> {{range .Files}} - {{$src := srcLink .File.Path}} + {{$src := srcLink .File.Path | html}} {{range .Groups}} {{range .Infos}} - <a href="/{{$src}}?h={{urlquery $.Query}}#L{{infoLine .}}">{{html $src}}:{{infoLine .}}</a> + <a href="/{{$src}}?h={{$query}}#L{{infoLine .}}">{{$src}}:{{infoLine .}}</a> {{infoSnippet_html .}} {{end}} {{end}} @@ -36,11 +37,11 @@ {{with .Others}} <h2 id="Local">Local declarations and uses</h2> {{range .}} - {{$pkg := pkgLink .Pak.Path}} - <h3 id="Local_{{html $pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3> + {{$pkg := pkgLink .Pak.Path | html}} + <h3 id="Local_{{$pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3> {{range .Files}} - {{$src := srcLink .File.Path}} - <a href="/{{$src}}?h={{urlquery $.Query}}">{{html $src}}</a> + {{$src := srcLink .File.Path | html}} + <a href="/{{$src}}?h={{$query}}">{{$src}}</a> <table class="layout"> {{range .Groups}} <tr> @@ -49,7 +50,7 @@ <td align="left" width="4"></td> <td> {{range .Infos}} - <a href="/{{$src}}?h={{urlquery $.Query}}#L{{infoLine .}}">{{infoLine .}}</a> + <a href="/{{$src}}?h={{$query}}#L{{infoLine .}}">{{infoLine .}}</a> {{end}} </td> </tr> @@ -71,17 +72,17 @@ <p> <table class="layout"> {{range .}} - {{$src := srcLink .Filename}} + {{$src := srcLink .Filename | html}} <tr> <td align="left" valign="top"> - <a href="/{{$src}}?h={{urlquery $.Query}}">{{html $src}}</a>: + <a href="/{{$src}}?h={{$query}}">{{$src}}</a>: </td> <td align="left" width="4"></td> <th align="left" valign="top">{{len .Lines}}</th> <td align="left" width="4"></td> <td align="left"> {{range .Lines}} - <a href="/{{$src}}?h={{urlquery $.Query}}#L{{.}}">{{html .}}</a> + <a href="/{{$src}}?h={{$query}}#L{{html .}}">{{html .}}</a> {{end}} {{if not $.Complete}} ... diff --git a/src/cmd/godoc/godoc.go b/src/cmd/godoc/godoc.go index 98fdc19d04..e3f8ad8d36 100644 --- a/src/cmd/godoc/godoc.go +++ b/src/cmd/godoc/godoc.go @@ -481,7 +481,7 @@ func posLink_urlFunc(node ast.Node, fset *token.FileSet) string { } var buf bytes.Buffer - buf.WriteString(http.URLEscape(relpath)) + template.HTMLEscape(&buf, []byte(relpath)) // selection ranges are of form "s=low:high" if low < high { fmt.Fprintf(&buf, "?s=%d:%d", low, high) // no need for URL escaping |