diff --git a/internal/web/gist.go b/internal/web/gist.go
index 68da47c..f7d3564 100644
--- a/internal/web/gist.go
+++ b/internal/web/gist.go
@@ -4,6 +4,7 @@ import (
"archive/zip"
"bufio"
"bytes"
+ gojson "encoding/json"
"errors"
"fmt"
"html/template"
@@ -428,12 +429,10 @@ func gistJs(ctx echo.Context) error {
return errorRes(500, "Error joining css url", err)
}
- js := `document.write('')
-document.write('%s')
-`
- content := strings.Replace(htmlbuf.String(), `\n`, `\\n`, -1)
- content = strings.Replace(content, "\n", `\n`, -1)
- js = fmt.Sprintf(js, cssUrl, content)
+ js, err := escapeJavaScriptContent(htmlbuf.String(), cssUrl)
+ if err != nil {
+ return errorRes(500, "Error escaping JavaScript content", err)
+ }
ctx.Response().Header().Set("Content-Type", "application/javascript")
return plainText(ctx, 200, js)
}
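Review bot: The call to `escapeJavaScriptContent` only makes `htmlbuf.String()` safe as a JavaScript string; the decoded markup is still passed to `document.write` and parsed as HTML in the embedding page. How `htmlbuf` is filled is outside this hunk, so the handler presumably relies on the template having escaped all gist-derived text. That dependency deserves a comment above the call, for example `// htmlbuf must already be HTML-escaped by the template; the JSON encoding below only protects the JS string context.` gistJs starts before this hunk.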
@@ -894,3 +893,25 @@ func preview(ctx echo.Context) error {
return plainText(ctx, 200, previewStr)
}
+
+func escapeJavaScriptContent(htmlContent, cssUrl string) (string, error) {
+ jsonContent, err := gojson.Marshal(htmlContent)
+ if err != nil {
+ return "", fmt.Errorf("failed to encode content: %w", err)
+ }
+
+ jsonCssUrl, err := gojson.Marshal(cssUrl)
+ if err != nil {
+ return "", fmt.Errorf("failed to encode CSS URL: %w", err)
+ }
+
+ js := fmt.Sprintf(`
+ document.write('');
+ document.write(%s);
+ `,
+ string(jsonCssUrl),
+ string(jsonContent),
+ )
+
+ return js, nil
+}
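Review bot: In `escapeJavaScriptContent`, `jsonCssUrl` is a complete double-quoted JSON string, which is only a safe substitution where a whole JavaScript expression is expected, as in `document.write(%s)`. As the template appears on this page, the first write is the single-quoted literal `document.write('')` and there is one `%s` for two arguments, so the markup inside that literal seems to have been lost in rendering. If the URL is interpolated inside that single-quoted literal, `encoding/json` does not escape `'`, and its surrounding `"` characters also end up inside the attribute markup. Building the tag as a Go string with the URL attribute-escaped and then marshalling the whole tag keeps both writes in the same safe form. A table test covering quotes, backslashes, newlines and `</script>` in both arguments would pin the behaviour.

```go
// … unchanged: jsonContent encoding …

// Encode the complete tag once so the URL never sits inside a hand-written
// JavaScript string literal. The tag text below is assumed; use the markup
// the first write emits today.
tag := `<link rel="stylesheet" href="` + template.HTMLEscapeString(cssUrl) + `">`
jsonTag, err := gojson.Marshal(tag)
if err != nil {
	return "", fmt.Errorf("failed to encode stylesheet tag: %w", err)
}

js := fmt.Sprintf("document.write(%s);\ndocument.write(%s);\n", jsonTag, jsonContent)
```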