Escape html characters in post flairs (#247)

* Encode HTML characters in flairs

* Encode HTML characters in flairs

* Use esc! macro for HTML escaping

Co-authored-by: spikecodes <19519553+spikecodes@users.noreply.github.com>
This commit is contained in:
accountForIssues 2021-07-19 19:15:15 +02:00 committed by GitHub
parent e571cc3b1e
commit be253d40dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 13 deletions

View File

@ -39,7 +39,7 @@ impl FlairPart {
Self {
flair_part_type: value("e").to_string(),
value: match value("e") {
"text" => value("t").to_string(),
"text" => esc!(value("t")).to_string(),
"emoji" => format_url(value("u")),
_ => String::new(),
},
@ -568,27 +568,17 @@ pub fn val(j: &Value, k: &str) -> String {
j["data"][k].as_str().unwrap_or_default().to_string()
}
// Escape < and > to accurately render HTML
#[macro_export]
macro_rules! esc {
($f:expr) => {
$f.replace('<', "&lt;").replace('>', "&gt;")
$f.replace('&', "&amp;").replace('<', "&lt;").replace('>', "&gt;")
};
($j:expr, $k:expr) => {
$j["data"][$k].as_str().unwrap_or_default().to_string().replace('<', "&lt;").replace('>', "&gt;")
};
}
// Escape < and > to accurately render HTML
// pub fn esc(j: &Value, k: &str) -> String {
// val(j,k)
// // .replace('&', "&amp;")
// .replace('<', "&lt;")
// .replace('>', "&gt;")
// // .replace('"', "&quot;")
// // .replace('\'', "&#x27;")
// // .replace('/', "&#x2f;")
// }
//
// NETWORKING
//