fix(html): html encode text body

author: Fuwn <[email protected]> 2024-03-23 06:50:05 +0000
committer: Fuwn <[email protected]> 2024-03-23 06:50:05 +0000
commit: 120302d0f5f7120427934ee525dbbb0d285d0592 (patch)
tree: 8de74a9d7b49f0cc378d1f5037022347f5d66b40
parent: ci(earthly): include default css (diff)
download: september-120302d0f5f7120427934ee525dbbb0d285d0592.tar.xz
september-120302d0f5f7120427934ee525dbbb0d285d0592.zip
2 files changed, 10 insertions, 6 deletions
diff --git a/Cargo.toml b/Cargo.toml
index 36f260b..4974872 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -36,6 +36,9 @@ dotenv = "0.15.0"
 # URL Standard
 url = "2.3.1"
 
+# HTML Encoding
+html-escape = "0.2.13"
+
 [build-dependencies]
 # Compile-time Environment Variables
 vergen = { version = "8.2.1", features = ["git", "gitoxide"] }
diff --git a/src/html.rs b/src/html.rs
index c30f5c0..00a1af4 100644
--- a/src/html.rs
+++ b/src/html.rs
@@ -37,10 +37,11 @@ pub fn from_gemini(
   let ast = ast_tree.inner();
   let mut html = String::new();
   let mut title = String::new();
+  let safe = html_escape::encode_text;
 
   for node in ast {
     match node {
-      Node::Text(text) => html.push_str(&format!("<p>{text}</p>")),
+      Node::Text(text) => html.push_str(&format!("<p>{}</p>", safe(text))),
       Node::Link { to, text } => {
         let mut href = to.clone();
         let mut surface = false;
@@ -113,12 +114,12 @@ pub fn from_gemini(
         html.push_str(&format!(
           "<p><a href=\"{}\">{}</a></p>\n",
           href,
-          text.clone().unwrap_or_default(),
+          safe(&text.clone().unwrap_or_default()),
         ));
       }
       Node::Heading { level, text } => {
         if title.is_empty() && *level == 1 {
-          title = text.clone();
+          title = safe(&text.clone()).to_string();
         }
 
         html.push_str(&format!(
@@ -129,7 +130,7 @@ pub fn from_gemini(
             3 => "h3",
             _ => "p",
           },
-          text,
+          safe(text),
         ));
       }
       Node::List(items) => html.push_str(&format!(
@@ -141,10 +142,10 @@ pub fn from_gemini(
           .join("\n")
       )),
       Node::Blockquote(text) => {
-        html.push_str(&format!("<blockquote>{text}</blockquote>"));
+        html.push_str(&format!("<blockquote>{}</blockquote>", safe(text)));
       }
       Node::PreformattedText { text, .. } => {
-        html.push_str(&format!("<pre>{text}</pre>"));
+        html.push_str(&format!("<pre>{}</pre>", safe(text)));
       }
       Node::Whitespace => {}
     }
author	Fuwn <[email protected]>	2024-03-23 06:50:05 +0000
committer	Fuwn <[email protected]>	2024-03-23 06:50:05 +0000
commit	120302d0f5f7120427934ee525dbbb0d285d0592 (patch)
tree	8de74a9d7b49f0cc378d1f5037022347f5d66b40
parent	ci(earthly): include default css (diff)
download	september-120302d0f5f7120427934ee525dbbb0d285d0592.tar.xz september-120302d0f5f7120427934ee525dbbb0d285d0592.zip