From bfc05adbce918b6d29087b983a6cc9c830e01cb2 Mon Sep 17 00:00:00 2001 From: spikecodes <19519553+spikecodes@users.noreply.github.com> Date: Sun, 25 Oct 2020 17:52:57 -0700 Subject: [PATCH] Escape HTML Text --- src/post.rs | 74 +++++++++++------------------------------------- src/subreddit.rs | 13 +++++++-- src/user.rs | 11 +++++-- static/style.css | 6 +--- 4 files changed, 37 insertions(+), 67 deletions(-) diff --git a/src/post.rs b/src/post.rs index 61f8d07..1f53d4a 100644 --- a/src/post.rs +++ b/src/post.rs @@ -1,5 +1,4 @@ // CRATES -extern crate comrak; use actix_web::{get, web, HttpResponse, Result}; use askama::Template; use comrak::{markdown_to_html, ComrakOptions}; @@ -28,7 +27,7 @@ pub struct Post { pub struct Comment { pub body: String, pub author: String, - pub score: i64, + pub score: String, pub time: String } @@ -53,7 +52,7 @@ async fn short(web::Path(id): web::Path) -> Result { render(id.to_string(), "confidence".to_string()).await } -#[get("/r/{sub}/comments/{id}/{title}")] +#[get("/r/{sub}/comments/{id}/{title}/")] async fn page(web::Path((_sub, id)): web::Path<(String, String)>) -> Result { render(id.to_string(), "confidence".to_string()).await } @@ -81,32 +80,14 @@ async fn media(data: &serde_json::Value) -> String { } } -// POSTS -// async fn post_html (post: Post) -> String { -// format!(r#" -//
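Review bot: The route attribute in the `@@ -53,7 +52,7 @@` hunk changes `/r/{sub}/comments/{id}/{title}` to the trailing-slash form, so a request for the old path no longer matches `page`, and nothing else in the diff (a second route or a redirect) catches it. If both forms are meant to resolve, register the slash-less path as a second route for the same handler, or normalise trailing slashes before routing with actix-web's `middleware::NormalizePath`. The handler body itself is unchanged; the behaviour change deserves a line in the commit message.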
-//
-// -//

{}

-// -//
-//
-//

-// r/{sub} -// • -// Posted by -// -// {time} -//

-//

{t}

-// {media} -//

{b}

-//
-//

-// "#, if post.score>1000{format!("{}k", post.score/1000)} else {post.score.to_string()}, sub = post.community, -// author = post.author, t = post.title, media = post.media, b = post.body, time = post.time) -// } +fn html_escape(input: String) -> String { + input + .replace("&", "&") + .replace("’", "'") + .replace("\"", """) +} +// POSTS async fn fetch_post (id: &String) -> Post { let url: String = format!("https://reddit.com/{}.json", id); let resp: String = reqwest::get(&url).await.unwrap().text().await.unwrap(); @@ -119,9 +100,9 @@ async fn fetch_post (id: &String) -> Post { let score = post_data["data"]["score"].as_i64().unwrap(); Post { - title: val(post_data, "title").await, + title: html_escape(val(post_data, "title").await), community: val(post_data, "subreddit").await, - body: markdown_to_html(post_data["data"]["selftext"].as_str().unwrap(), &ComrakOptions::default()), + body: html_escape(markdown_to_html(post_data["data"]["selftext"].as_str().unwrap(), &ComrakOptions::default())), author: val(post_data, "author").await, url: val(post_data, "permalink").await, score: if score>1000 {format!("{}k",score/1000)} else {score.to_string()}, 
@@ -143,37 +124,16 @@ async fn fetch_comments (id: String, sort: &String) -> Result, Box< for comment in comment_data.iter() { let unix_time: i64 = comment["data"]["created_utc"].as_f64().unwrap_or(0.0).round() as i64; + let score = comment["data"]["score"].as_i64().unwrap_or(0); + let body = markdown_to_html(comment["data"]["body"].as_str().unwrap_or(""), &ComrakOptions::default()); + comments.push(Comment { - body: markdown_to_html(comment["data"]["body"].as_str().unwrap_or(""), &ComrakOptions::default()), + body: html_escape(body), author: val(comment, "author").await, - score: comment["data"]["score"].as_i64().unwrap_or(0), + score: if score>1000 {format!("{}k",score/1000)} else {score.to_string()}, time: Utc.timestamp(unix_time, 0).format("%b %e %Y %H:%M UTC").to_string() }); } Ok(comments) -} - -// async fn comments_html (comments: Vec) -> String { -// let mut html: Vec = Vec::new(); -// for comment in comments.iter() { -// let hc: String = format!(r#" -//
-//
-// -//

{}

-// -//
-//
-//

-// Posted by -// {time} -//

-//

{t}

-//
-//

-// "#, if comment.score>1000{format!("{}k", comment.score/1000)} else {comment.score.to_string()}, -// author = comment.author, t = comment.body, time = comment.time); -// html.push(hc) -// }; html.join("\n") -// } +} \ No newline at end of file diff --git a/src/subreddit.rs b/src/subreddit.rs index 7f3f9af..8505721 100644 --- a/src/subreddit.rs +++ b/src/subreddit.rs @@ -62,6 +62,13 @@ async fn sorted(web::Path((sub, sort)): web::Path<(String, String)>) -> Result String { String::from(j["data"][k].as_str().unwrap_or("")) } +fn html_escape(input: String) -> String { + input + .replace("&", "&") + .replace("’", "'") + .replace("\"", """) +} + // SUBREDDIT async fn subreddit(sub: &String) -> Subreddit { let url: String = format!("https://www.reddit.com/r/{}/about.json", sub); @@ -75,8 +82,8 @@ async fn subreddit(sub: &String) -> Subreddit { Subreddit { name: val(&data, "display_name").await, - title: val(&data, "title").await, - description: val(&data, "public_description").await, + title: html_escape(val(&data, "title").await), + description: html_escape(val(&data, "public_description").await), icon: String::from(icon_parts[0]), } } @@ -96,7 +103,7 @@ pub async fn posts(sub: String, sort: &String) -> Vec { let unix_time: i64 = post["data"]["created_utc"].as_f64().unwrap().round() as i64; let score = post["data"]["score"].as_i64().unwrap(); posts.push(Post { - title: val(post, "title").await, + title: html_escape(val(post, "title").await), community: val(post, "subreddit").await, author: val(post, "author").await, score: if score>1000 {format!("{}k",score/1000)} else {score.to_string()}, diff --git a/src/user.rs b/src/user.rs index 407e0b6..6c33829 100644 --- a/src/user.rs +++ b/src/user.rs 
@@ -61,6 +61,13 @@ async fn sorted(web::Path((username, sort)): web::Path<(String, String)>) -> Res async fn user_val (j: &serde_json::Value, k: &str) -> String { String::from(j["data"]["subreddit"][k].as_str().unwrap()) } async fn post_val (j: &serde_json::Value, k: &str) -> String { String::from(j["data"][k].as_str().unwrap_or("Comment")) } +fn html_escape(input: String) -> String { + input + .replace("&", "&") + .replace("’", "'") + .replace("\"", """) +} + // USER async fn user(name: &String) -> User { let url: String = format!("https://www.reddit.com/user/{}/about.json", name); @@ -73,7 +80,7 @@ async fn user(name: &String) -> User { icon: user_val(&data, "icon_img").await, karma: data["data"]["total_karma"].as_i64().unwrap(), banner: user_val(&data, "banner_img").await, - description: user_val(&data, "public_description").await + description: html_escape(user_val(&data, "public_description").await) } } @@ -92,7 +99,7 @@ async fn posts(sub: String, sort: &String) -> Vec { let unix_time: i64 = post["data"]["created_utc"].as_f64().unwrap().round() as i64; let score = post["data"]["score"].as_i64().unwrap(); posts.push(Post { - title: post_val(post, "title").await, + title: html_escape(post_val(post, "title").await), community: post_val(post, "subreddit").await, author: post_val(post, "author").await, score: if score>1000 {format!("{}k",score/1000)} else {score.to_string()}, diff --git a/static/style.css b/static/style.css index 95abacc..1530a50 100644 --- a/static/style.css +++ b/static/style.css @@ -232,10 +232,6 @@ span { background: #222; } -.comment:hover > .comment_left { - background: #333; -} - .comment_left, .comment_right { display: flex; flex-direction: column; @@ -243,7 +239,7 @@ span { .comment_left { text-align: center; - background: #222; + border-right: 2px solid #000; border-radius: 5px 0px 0px 5px; min-width: 50px; padding: 5px;