Arav/dwelling-home
1
0
Fork 0
Code Releases 15 Activity

Whoa, don't print a raw unescaped HTML code from guests in a guestbook.

Browse Source
This commit is contained in:
Alexander Andreev 2024-06-19 04:35:25 +04:00
parent c9cd434b59
commit c42e604deb
Signed by: Arav
GPG Key ID: 25969B23DCB5CA34
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
web/guestbook.templ
View File

@ -42,11 +42,9 @@ templ Guestbook(captchaID, owner string, entries []*justguestbook.Entry, pageCou
</header> </header>
for _, line := range strings.Split(entry.Message, "\n") { for _, line := range strings.Split(entry.Message, "\n") {
if len(line) > 0 && line[0] == '>' { if len(line) > 0 && line[0] == '>' {
<p class="quote">@templ.Raw(line) <p class="quote">{ line }</p>
</p>
} else { } else {
<p>@templ.Raw(line) <p>{ line }</p>
</p>
} }
} }
if entry.Reply != nil { if entry.Reply != nil {