commit b86a552cde98c42acf072d046cb799a85ca79a43
parent 3971be30b00b637ee1abfcd4412d86412a3143b6
Author: William Casarin <jb55@jb55.com>
Date: Thu, 21 Dec 2023 10:59:56 -0800
escape html in opengraph properties
Diffstat:
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/main.rs b/src/main.rs
@@ -1,5 +1,6 @@
use std::net::SocketAddr;
+use html_escape;
use http_body_util::Full;
use hyper::body::Bytes;
use hyper::header;
@@ -155,8 +156,9 @@ fn serve_note_html(
// 4: Full content
let hostname = "https://damus.io";
- let abbrev_content = abbreviate(¬e.note.content, 64);
- let content = ¬e.note.content;
+ let abbrev_content = html_escape::encode_text(abbreviate(¬e.note.content, 64));
+ let content = html_escape::encode_text(¬e.note.content);
+ let profile_name = html_escape::encode_text(¬e.profile.name);
write!(
data,
@@ -192,7 +194,7 @@ fn serve_note_html(
</body>
</html>
"#,
- note.profile.name,
+ profile_name,
abbrev_content,
hostname,
nip19.to_bech32().unwrap(),
