HTML escape all lines of the search result (#3402)

Fixes #3383.
Morgan Bazalgette 2018-01-22 22:28:16 +01:00 committed by Lauris BH
parent 00d08473b8
commit d644e88107
1 changed files with 5 additions and 4 deletions


@ -6,6 +6,7 @@ package search
import ( import (
"bytes" "bytes"
"html"
gotemplate "html/template" gotemplate "html/template"
"strings" "strings"
@ -75,17 +76,17 @@ func searchResult(result *indexer.RepoSearchResult, startIndex, endIndex int) (*
closeActiveIndex := util.Min(result.EndIndex-index, len(line)) closeActiveIndex := util.Min(result.EndIndex-index, len(line))
err = writeStrings(&formattedLinesBuffer, err = writeStrings(&formattedLinesBuffer,
`<li>`, `<li>`,
line[:openActiveIndex], html.EscapeString(line[:openActiveIndex]),
`<span class='active'>`, `<span class='active'>`,
line[openActiveIndex:closeActiveIndex], html.EscapeString(line[openActiveIndex:closeActiveIndex]),
`</span>`, `</span>`,
line[closeActiveIndex:], html.EscapeString(line[closeActiveIndex:]),
`</li>`, `</li>`,
) )
} else { } else {
err = writeStrings(&formattedLinesBuffer, err = writeStrings(&formattedLinesBuffer,
`<li>`, `<li>`,
line, html.EscapeString(line),
`</li>`, `</li>`,
) )
} }
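Review bot: The escaping is applied by hand at each `writeStrings` call in both branches, and the commit touches one file with no test, so a later branch that writes a raw `line` into `formattedLinesBuffer` would silently bring the injection back. The buffer is presumably wrapped in `gotemplate.HTML` further down in `searchResult`, which continues outside this hunk, so these calls would be the only encoding step between indexed repository content and the rendered page. I would add a comment above the first call, `// line is untrusted repository content; every segment must be escaped before it is written`, and a regression test that feeds a constructed line such as `<script>a</script> & "b"` and asserts the output contains `&lt;script&gt;` and no raw `<script>`. As a style point, the file already imports `html/template` as `gotemplate`, so `gotemplate.HTMLEscapeString` would do the same job without the extra `html` import.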