From be253d40dd8634f0a0f420e5e5b0b06207fccfa8 Mon Sep 17 00:00:00 2001
From: accountForIssues <52367365+accountForIssues@users.noreply.github.com>
Date: Mon, 19 Jul 2021 19:15:15 +0200
Subject: [PATCH] Escape html characters in post flairs (#247)

* Encode HTML characters in flairs
* Encode HTML characters in flairs
* Use esc! macro for HTML escaping
Co-authored-by: spikecodes <19519553+spikecodes@users.noreply.github.com>
---
 src/utils.rs | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/src/utils.rs b/src/utils.rs
index e5ddd5f..0933d15 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -39,7 +39,7 @@ impl FlairPart {
 Self {
 flair_part_type: value("e").to_string(),
 value: match value("e") {
- "text" => value("t").to_string(),
+ "text" => esc!(value("t")).to_string(),
 "emoji" => format_url(value("u")),
 _ => String::new(),
 },
@@ -568,27 +568,17 @@ pub fn val(j: &Value, k: &str) -> String {
 j["data"][k].as_str().unwrap_or_default().to_string()
 }
 
+// Escape < and > to accurately render HTML
 #[macro_export]
 macro_rules! esc {
 ($f:expr) => {
- $f.replace('<', "<").replace('>', ">")
+ $f.replace('&', "&").replace('<', "<").replace('>', ">")
 };
 ($j:expr, $k:expr) => {
 $j["data"][$k].as_str().unwrap_or_default().to_string().replace('<', "<").replace('>', ">")
 };
 }
 
-// Escape < and > to accurately render HTML
-// pub fn esc(j: &Value, k: &str) -> String {
-// val(j,k)
-// // .replace('&', "&")
-// .replace('<', "<")
-// .replace('>', ">")
-// // .replace('"', """)
-// // .replace('\'', "'")
-// // .replace('/', "/")
-// }
-
 //
 // NETWORKING
 //
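Review bot: The trailing `.to_string()` on the new `"text"` arm is redundant, since the one-argument `esc!` arm expands to a chain of `replace` calls that already yields a `String`; `"text" => esc!(value("t")),` is enough. Only the text part is escaped here: `flair_part_type` and the `"emoji"` URL returned by `format_url` are stored as received, so if a template writes either into markup, and the URL into a quoted attribute in particular, they need their own encoding at that point. The enclosing function starts and ends outside the hunk, so how these fields are rendered is not visible here.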
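Review bot: The two `esc!` arms now escape different character sets: the one-argument arm handles `&`, `<` and `>`, while the `($j:expr, $k:expr)` arm still replaces only `<` and `>`, so the same string is encoded differently depending on which form a caller uses. Having the second arm delegate, e.g. `$crate::esc!($j["data"][$k].as_str().unwrap_or_default())`, keeps a single definition; whether upstream values arrive already entity-encoded (which would make the new `&` replacement double-encode them) is not visible here and is worth confirming first. The added comment is also out of date and should state the contract, e.g. `// Escape &, < and > for HTML text content; quotes are not escaped, so the result is not safe inside attribute values`.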