From 598ede71202aea7b0b7cc6361ff7a388154dade9 Mon Sep 17 00:00:00 2001
From: Fuwn
Date: Sat, 23 Mar 2024 06:50:05 +0000
Subject: fix(html): html encode text body
---
 Cargo.toml | 3 +++
 src/html.rs | 13 +++++++------
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index fe2c88e..1c4dd59 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -36,6 +36,9 @@ dotenv = "0.15.0"
 # URL Standard
 url = "2.3.1"
+# HTML Encoding
+html-escape = "0.2.13"
+
 [build-dependencies]
 # Compile-time Environment Variables
 vergen = { version = "8.2.1", features = ["git", "gitoxide"] }
diff --git a/src/html.rs b/src/html.rs
index c30f5c0..00a1af4 100644
--- a/src/html.rs
+++ b/src/html.rs
@@ -37,10 +37,11 @@ pub fn from_gemini(
 let ast = ast_tree.inner();
 let mut html = String::new();
 let mut title = String::new();
+ let safe = html_escape::encode_text;
 for node in ast {
 match node {
- Node::Text(text) => html.push_str(&format!("

{text}

")),
+ Node::Text(text) => html.push_str(&format!("

{}

", safe(text))),
 Node::Link { to, text } => {
 let mut href = to.clone();
 let mut surface = false;
@@ -113,12 +114,12 @@ pub fn from_gemini(
 html.push_str(&format!(
 "
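Review bot: The alias introduced by `let safe = html_escape::encode_text;` reads as safe for any HTML context, but `encode_text` escapes only `&`, `<` and `>`, which covers element content and not quoted attribute values. I would name it for its context, e.g. `let escape_text = html_escape::encode_text;`, or add the comment `// element-content encoding only; attribute values need html_escape::encode_double_quoted_attribute`. The body of `from_gemini` starts before and continues after this hunk, so other uses of the alias are not visible here.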

{}

\n",
 href,
- text.clone().unwrap_or_default(),
+ safe(&text.clone().unwrap_or_default()),
 ));
 }
 Node::Heading { level, text } => {
 if title.is_empty() && *level == 1 {
- title = text.clone();
+ title = safe(&text.clone()).to_string();
 }
 html.push_str(&format!(
@@ -129,7 +130,7 @@ pub fn from_gemini(
 3 => "h3",
 _ => "p",
 },
- text,
+ safe(text),
 ));
 }
 Node::List(items) => html.push_str(&format!(
@@ -141,10 +142,10 @@ pub fn from_gemini(
 .join("\n")
 )),
 Node::Blockquote(text) => {
- html.push_str(&format!("
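Review bot: `href` is still passed to `format!` unencoded in the `Node::Link` arm, while only the link text goes through `safe(...)`. The format string is not legible in this view, but if `href` lands inside a quoted `href` attribute, a quote character in a gemtext link target can close the attribute and introduce markup; `html_escape::encode_double_quoted_attribute(&href)` is the matching encoder for that position. Whether the code above the hunk restricts the URL scheme is not visible here, so it is worth confirming that targets such as `javascript:` URLs are rejected or neutralised before the anchor is emitted. The arm begins above the hunk.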
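Review bot: The `Node::List(items)` arm that opens on the last context line of this hunk is not touched by the commit, so list items appear to be the one node type still written without encoding. Its item mapping sits between this hunk and the next, which resumes at `.join("\n")`. If each item is interpolated into the list markup as-is, it needs the same treatment as the other arms, e.g. `safe(item)` inside the mapping closure. The closure itself is outside both hunks, so this is inferred from its absence in the diff and should be checked against the file.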
{text}
"));
+ html.push_str(&format!("
{}
", safe(text)));
 }
 Node::PreformattedText { text, .. } => {
- html.push_str(&format!("
{text}
"));
+ html.push_str(&format!("
{}
", safe(text)));
 }
 Node::Whitespace => {}
 }
-- cgit v1.2.3