mirror/opengist
1
0
Fork 0
mirror of https://github.com/thomiceli/opengist.git synced 2024-12-22 20:42:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix escaping for embed gists (#381)

Browse source
This commit is contained in:
Thomas Miceli 2024-11-18 02:29:05 +01:00 committed by GitHub
parent 40ff4c7b3f
commit 00e3d09cc5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 27 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
internal/web/gist.go
View file

@ -4,6 +4,7 @@ import (
"archive/zip"
"bufio"
"bytes"
gojson "encoding/json"
"errors"
"fmt"
"html/template"
@ -428,12 +429,10 @@ func gistJs(ctx echo.Context) error {
return errorRes(500, "Error joining css url", err)
}
js := `document.write('<link rel="stylesheet" href="%s">')
document.write('%s')
`
content := strings.Replace(htmlbuf.String(), `\n`, `\\n`, -1)
content = strings.Replace(content, "\n", `\n`, -1)
js = fmt.Sprintf(js, cssUrl, content)
js, err := escapeJavaScriptContent(htmlbuf.String(), cssUrl)
if err != nil {
return errorRes(500, "Error escaping JavaScript content", err)
}
ctx.Response().Header().Set("Content-Type", "application/javascript")
return plainText(ctx, 200, js)
}
@ -894,3 +893,25 @@ func preview(ctx echo.Context) error {
return plainText(ctx, 200, previewStr)
}
func escapeJavaScriptContent(htmlContent, cssUrl string) (string, error) {
jsonContent, err := gojson.Marshal(htmlContent)
if err != nil {
return "", fmt.Errorf("failed to encode content: %w", err)
}
jsonCssUrl, err := gojson.Marshal(cssUrl)
if err != nil {
return "", fmt.Errorf("failed to encode CSS URL: %w", err)
}
js := fmt.Sprintf(`
document.write('<link rel="stylesheet" href=%s>');
document.write(%s);
`,
string(jsonCssUrl),
string(jsonContent),
)
return js, nil
}