- Timestamp:
- Oct 30, 2016, 12:24:56 PM (9 years ago)
- File:
-
- 1 edited
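--- a/trunk/morty.go
+++ b/trunk/morty.go
@@ -29,4 +29,5 @@
 
 var CLIENT *fasthttp.Client = &fasthttp.Client{
+	Dial: fasthttp.DialDualStack,
 	MaxResponseBodySize: 10 * 1024 * 1024, // 10M
 }
@@ -343,5 +344,9 @@
 	for {
 		attrName, attrValue, moreAttr := decoder.TagAttr()
-		attrs = append(attrs, [][]byte{attrName, attrValue})
+		attrs = append(attrs, [][]byte{
+			attrName,
+			attrValue,
+			[]byte(html.EscapeString(string(attrValue))),
+		})
 		if !moreAttr {
 			break
@@ -464,5 +469,5 @@
 	out.Write([]byte("<link"))
 	for _, attr := range attrs {
-		sanitizeAttr(rc, out, attr[0], attr[1] )
+		sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
 	}
 	out.Write([]byte(">"))
@@ -499,11 +504,11 @@
 func sanitizeAttrs(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
 	for _, attr := range attrs {
-		sanitizeAttr(rc, out, attr[0], attr[1] )
-	}
-}
-
-func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue []byte) {
+		sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
+	}
+}
+
+func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue, escapedAttrValue []byte) {
 	if inArray(attrName, SAFE_ATTRIBUTES) {
-		fmt.Fprintf(out, " %s=\"%s\"", attrName, attrValue)
+		fmt.Fprintf(out, " %s=\"%s\"", attrName, escapedAttrValue)
 		return
 	}
@@ -516,7 +521,7 @@
 		}
 	case "style":
-		fmt.Fprintf(out, " %s=\"", attrName)
-		sanitizeCSS(rc, out, attrValue)
-		out.Write([]byte("\""))
+		cssAttr := bytes.NewBuffer(nil)
+		sanitizeCSS(rc, cssAttr, attrValue)
+		fmt.Fprintf(out, " %s=\"%s\"", attrName, html.EscapeString(string(cssAttr.Bytes())))
 	}
 }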
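Review bot: The escaped value is computed in the TagAttr loop and passed positionally as `attr[2]`, but in sanitizeAttr only the SAFE_ATTRIBUTES branch and the `style` case visibly emit an escaped value. The switch cases elided between the last two hunks are not shown, so confirm that none of them still writes raw `attrValue` into a quoted attribute. Escaping at the point of output would make a missed branch less likely and would remove the extra slice element and the signature change: `fmt.Fprintf(out, " %s=\"%s\"", attrName, html.EscapeString(string(attrValue)))`. As written, any other code that builds `attrs` entries with two elements would panic on `attr[2]`; none is visible here, so this is something to check rather than a confirmed defect. In the `style` case, `cssAttr.String()` is a simpler spelling of `string(cssAttr.Bytes())`.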