mirror of
https://github.com/thomiceli/opengist.git
synced 2024-12-22 20:42:40 +00:00
Fix escaping for embed gists (#381)
parent
40ff4c7b3f
commit
00e3d09cc5
1 changed files with 27 additions and 6 deletions
|
@ -4,6 +4,7 @@ import (
|
||||||
"archive/zip"
|
"archive/zip"
|
||||||
"bufio"
|
"bufio"
|
||||||
"bytes"
|
"bytes"
|
||||||
|
gojson "encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"html/template"
|
"html/template"
|
||||||
|
@ -428,12 +429,10 @@ func gistJs(ctx echo.Context) error {
|
||||||
return errorRes(500, "Error joining css url", err)
|
return errorRes(500, "Error joining css url", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
js := `document.write('<link rel="stylesheet" href="%s">')
|
js, err := escapeJavaScriptContent(htmlbuf.String(), cssUrl)
|
||||||
document.write('%s')
|
if err != nil {
|
||||||
`
|
return errorRes(500, "Error escaping JavaScript content", err)
|
||||||
content := strings.Replace(htmlbuf.String(), `\n`, `\\n`, -1)
|
}
|
||||||
content = strings.Replace(content, "\n", `\n`, -1)
|
|
||||||
js = fmt.Sprintf(js, cssUrl, content)
|
|
||||||
ctx.Response().Header().Set("Content-Type", "application/javascript")
|
ctx.Response().Header().Set("Content-Type", "application/javascript")
|
||||||
return plainText(ctx, 200, js)
|
return plainText(ctx, 200, js)
|
||||||
}
|
}
|
||||||
|
@ -894,3 +893,25 @@ func preview(ctx echo.Context) error {
|
||||||
|
|
||||||
return plainText(ctx, 200, previewStr)
|
return plainText(ctx, 200, previewStr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func escapeJavaScriptContent(htmlContent, cssUrl string) (string, error) {
|
||||||
|
jsonContent, err := gojson.Marshal(htmlContent)
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("failed to encode content: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
jsonCssUrl, err := gojson.Marshal(cssUrl)
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("failed to encode CSS URL: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
js := fmt.Sprintf(`
|
||||||
|
document.write('<link rel="stylesheet" href=%s>');
|
||||||
|
document.write(%s);
|
||||||
|
`,
|
||||||
|
string(jsonCssUrl),
|
||||||
|
string(jsonContent),
|
||||||
|
)
|
||||||
|
|
||||||
|
return js, nil
|
||||||
|
}
|
||||||
|
|
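Review bot: In escapeJavaScriptContent the CSS URL is JSON-encoded but then placed inside a single-quoted JavaScript literal and an HTML attribute (`href=%s` within `document.write('…')`), a context JSON encoding does not cover: json.Marshal leaves `'` unescaped, and its `\"` escapes are decoded by the JavaScript parser back to `"`, which would end the href attribute. The URL presumably comes from server configuration rather than from gist content, so this is likely hardening rather than a reachable injection, but the encoding should match the context. Build the tag in Go and encode it as a whole, the way the gist HTML is already handled: `jsonLink, err := gojson.Marshal("<link rel=\"stylesheet\" href=\"" + template.HTMLEscapeString(cssUrl) + "\">")` followed by `document.write(%s);` in the format string; html/template is already in the import block shown in the first hunk. A short doc comment saying that the function returns the script served by the embed endpoint and relies on encoding/json's default escaping of `<`, `>` and `&` would also help the next reader.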