1
0
mirror of https://github.com/golang/go synced 2024-11-21 22:14:41 -07:00

godoc: fix escaping in templates

- HTML-escape URL paths
- URL-escape URL parameters

R=bradfitz
CC=golang-dev
https://golang.org/cl/4890041
This commit is contained in:
Robert Griesemer 2011-08-15 15:15:54 -07:00
parent 9f677f91d1
commit 91fadbca17
4 changed files with 20 additions and 17 deletions

View File

@ -7,9 +7,10 @@
<table class="layout">
{{range .}}
<tr>
<td><a href="{{html .Name}}">{{html .Name}}</a></td>
<td width="25">&nbsp;</td>
<td>{{html .Title}}</td>
{{$name := html .Name}}
<td><a href="{{$name}}">{{$name}}</a></td>
<td width="25">&nbsp;</td>
<td>{{html .Title}}</td>
</tr>
{{end}}
</table>

View File

@ -18,7 +18,8 @@
</tr>
{{range .}}
<tr>
<td align="left"><a href="{{.|fileInfoName|html}}">{{.|fileInfoName|html}}</a></td>
{{$name := .|fileInfoName|html}}
<td align="left"><a href="{{$name}}">{{$name}}</a></td>
<td></td>
<td align="right">{{html .Size}}</td>
<td></td>

View File

@ -3,6 +3,7 @@
Use of this source code is governed by a BSD-style
license that can be found in the LICENSE file.
-->
{{$query := urlquery .Query}}
{{with .Alert}}
<p>
<span class="alert" style="font-size:120%">{{html .}}</span>
@ -20,13 +21,13 @@
{{with .Decls}}
<h2 id="Global">Package-level declarations</h2>
{{range .}}
{{$pkg := pkgLink .Pak.Path}}
<h3 id="Global_{{html $pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3>
{{$pkg := pkgLink .Pak.Path | html}}
<h3 id="Global_{{$pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3>
{{range .Files}}
{{$src := srcLink .File.Path}}
{{$src := srcLink .File.Path | html}}
{{range .Groups}}
{{range .Infos}}
<a href="/{{$src}}?h={{urlquery $.Query}}#L{{infoLine .}}">{{html $src}}:{{infoLine .}}</a>
<a href="/{{$src}}?h={{$query}}#L{{infoLine .}}">{{$src}}:{{infoLine .}}</a>
{{infoSnippet_html .}}
{{end}}
{{end}}
@ -36,11 +37,11 @@
{{with .Others}}
<h2 id="Local">Local declarations and uses</h2>
{{range .}}
{{$pkg := pkgLink .Pak.Path}}
<h3 id="Local_{{html $pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3>
{{$pkg := pkgLink .Pak.Path | html}}
<h3 id="Local_{{$pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3>
{{range .Files}}
{{$src := srcLink .File.Path}}
<a href="/{{$src}}?h={{urlquery $.Query}}">{{html $src}}</a>
{{$src := srcLink .File.Path | html}}
<a href="/{{$src}}?h={{$query}}">{{$src}}</a>
<table class="layout">
{{range .Groups}}
<tr>
@ -49,7 +50,7 @@
<td align="left" width="4"></td>
<td>
{{range .Infos}}
<a href="/{{$src}}?h={{urlquery $.Query}}#L{{infoLine .}}">{{infoLine .}}</a>
<a href="/{{$src}}?h={{$query}}#L{{infoLine .}}">{{infoLine .}}</a>
{{end}}
</td>
</tr>
@ -71,17 +72,17 @@
<p>
<table class="layout">
{{range .}}
{{$src := srcLink .Filename}}
{{$src := srcLink .Filename | html}}
<tr>
<td align="left" valign="top">
<a href="/{{$src}}?h={{urlquery $.Query}}">{{html $src}}</a>:
<a href="/{{$src}}?h={{$query}}">{{$src}}</a>:
</td>
<td align="left" width="4"></td>
<th align="left" valign="top">{{len .Lines}}</th>
<td align="left" width="4"></td>
<td align="left">
{{range .Lines}}
<a href="/{{$src}}?h={{urlquery $.Query}}#L{{.}}">{{html .}}</a>
<a href="/{{$src}}?h={{$query}}#L{{html .}}">{{html .}}</a>
{{end}}
{{if not $.Complete}}
...

View File

@ -481,7 +481,7 @@ func posLink_urlFunc(node ast.Node, fset *token.FileSet) string {
}
var buf bytes.Buffer
buf.WriteString(http.URLEscape(relpath))
template.HTMLEscape(&buf, []byte(relpath))
// selection ranges are of form "s=low:high"
if low < high {
fmt.Fprintf(&buf, "?s=%d:%d", low, high) // no need for URL escaping