Fix escaping for embed gists (#381)

Thomas Miceli 2024-11-18 02:29:05 +01:00 committed by GitHub
parent 40ff4c7b3f
commit 00e3d09cc5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -4,6 +4,7 @@ import (
"archive/zip" "archive/zip"
"bufio" "bufio"
"bytes" "bytes"
gojson "encoding/json"
"errors" "errors"
"fmt" "fmt"
"html/template" "html/template"
@ -428,12 +429,10 @@ func gistJs(ctx echo.Context) error {
return errorRes(500, "Error joining css url", err) return errorRes(500, "Error joining css url", err)
} }
js := `document.write('<link rel="stylesheet" href="%s">') js, err := escapeJavaScriptContent(htmlbuf.String(), cssUrl)
document.write('%s') if err != nil {
` return errorRes(500, "Error escaping JavaScript content", err)
content := strings.Replace(htmlbuf.String(), `\n`, `\\n`, -1) }
content = strings.Replace(content, "\n", `\n`, -1)
js = fmt.Sprintf(js, cssUrl, content)
ctx.Response().Header().Set("Content-Type", "application/javascript") ctx.Response().Header().Set("Content-Type", "application/javascript")
return plainText(ctx, 200, js) return plainText(ctx, 200, js)
} }
@ -894,3 +893,25 @@ func preview(ctx echo.Context) error {
return plainText(ctx, 200, previewStr) return plainText(ctx, 200, previewStr)
} }
func escapeJavaScriptContent(htmlContent, cssUrl string) (string, error) {
jsonContent, err := gojson.Marshal(htmlContent)
if err != nil {
return "", fmt.Errorf("failed to encode content: %w", err)
}
jsonCssUrl, err := gojson.Marshal(cssUrl)
if err != nil {
return "", fmt.Errorf("failed to encode CSS URL: %w", err)
}
js := fmt.Sprintf(`
document.write('<link rel="stylesheet" href=%s>');
document.write(%s);
`,
string(jsonCssUrl),
string(jsonContent),
)
return js, nil
}
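Review bot: In `escapeJavaScriptContent`, the JSON-encoded `cssUrl` is substituted inside a single-quoted JavaScript literal, and `json.Marshal` does not escape `'`, so a single quote in the URL would end that literal early. JSON's `\"` also decodes back to `"` once the JS string is evaluated, which would close the `href` attribute in the written HTML. The URL appears to be built server-side (the caller joins a CSS URL just before the call), so this is probably hardening rather than a reachable bug, but the encoding should match both contexts it lands in. Build the tag in Go and encode it as a whole, the same way the HTML content is handled: `tag, err := gojson.Marshal(fmt.Sprintf("<link rel=\"stylesheet\" href=\"%s\">", template.HTMLEscapeString(cssUrl)))` and then emit `document.write(%s);` for it. A table-driven test feeding quotes, backslashes, newlines and `</script>` through both arguments would pin the behaviour.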