mirror of
https://github.com/golang/go
synced 2024-11-21 22:14:41 -07:00
godoc: fix escaping in templates
- HTML-escape URL paths - URL-escape URL parameters R=bradfitz CC=golang-dev https://golang.org/cl/4890041
This commit is contained in:
parent
9f677f91d1
commit
91fadbca17
@ -7,9 +7,10 @@
|
||||
<table class="layout">
|
||||
{{range .}}
|
||||
<tr>
|
||||
<td><a href="{{html .Name}}">{{html .Name}}</a></td>
|
||||
<td width="25"> </td>
|
||||
<td>{{html .Title}}</td>
|
||||
{{$name := html .Name}}
|
||||
<td><a href="{{$name}}">{{$name}}</a></td>
|
||||
<td width="25"> </td>
|
||||
<td>{{html .Title}}</td>
|
||||
</tr>
|
||||
{{end}}
|
||||
</table>
|
||||
|
@ -18,7 +18,8 @@
|
||||
</tr>
|
||||
{{range .}}
|
||||
<tr>
|
||||
<td align="left"><a href="{{.|fileInfoName|html}}">{{.|fileInfoName|html}}</a></td>
|
||||
{{$name := .|fileInfoName|html}}
|
||||
<td align="left"><a href="{{$name}}">{{$name}}</a></td>
|
||||
<td></td>
|
||||
<td align="right">{{html .Size}}</td>
|
||||
<td></td>
|
||||
|
@ -3,6 +3,7 @@
|
||||
Use of this source code is governed by a BSD-style
|
||||
license that can be found in the LICENSE file.
|
||||
-->
|
||||
{{$query := urlquery .Query}}
|
||||
{{with .Alert}}
|
||||
<p>
|
||||
<span class="alert" style="font-size:120%">{{html .}}</span>
|
||||
@ -20,13 +21,13 @@
|
||||
{{with .Decls}}
|
||||
<h2 id="Global">Package-level declarations</h2>
|
||||
{{range .}}
|
||||
{{$pkg := pkgLink .Pak.Path}}
|
||||
<h3 id="Global_{{html $pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3>
|
||||
{{$pkg := pkgLink .Pak.Path | html}}
|
||||
<h3 id="Global_{{$pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3>
|
||||
{{range .Files}}
|
||||
{{$src := srcLink .File.Path}}
|
||||
{{$src := srcLink .File.Path | html}}
|
||||
{{range .Groups}}
|
||||
{{range .Infos}}
|
||||
<a href="/{{$src}}?h={{urlquery $.Query}}#L{{infoLine .}}">{{html $src}}:{{infoLine .}}</a>
|
||||
<a href="/{{$src}}?h={{$query}}#L{{infoLine .}}">{{$src}}:{{infoLine .}}</a>
|
||||
{{infoSnippet_html .}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
@ -36,11 +37,11 @@
|
||||
{{with .Others}}
|
||||
<h2 id="Local">Local declarations and uses</h2>
|
||||
{{range .}}
|
||||
{{$pkg := pkgLink .Pak.Path}}
|
||||
<h3 id="Local_{{html $pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3>
|
||||
{{$pkg := pkgLink .Pak.Path | html}}
|
||||
<h3 id="Local_{{$pkg}}">package <a href="/{{$pkg}}">{{html .Pak.Name}}</a></h3>
|
||||
{{range .Files}}
|
||||
{{$src := srcLink .File.Path}}
|
||||
<a href="/{{$src}}?h={{urlquery $.Query}}">{{html $src}}</a>
|
||||
{{$src := srcLink .File.Path | html}}
|
||||
<a href="/{{$src}}?h={{$query}}">{{$src}}</a>
|
||||
<table class="layout">
|
||||
{{range .Groups}}
|
||||
<tr>
|
||||
@ -49,7 +50,7 @@
|
||||
<td align="left" width="4"></td>
|
||||
<td>
|
||||
{{range .Infos}}
|
||||
<a href="/{{$src}}?h={{urlquery $.Query}}#L{{infoLine .}}">{{infoLine .}}</a>
|
||||
<a href="/{{$src}}?h={{$query}}#L{{infoLine .}}">{{infoLine .}}</a>
|
||||
{{end}}
|
||||
</td>
|
||||
</tr>
|
||||
@ -71,17 +72,17 @@
|
||||
<p>
|
||||
<table class="layout">
|
||||
{{range .}}
|
||||
{{$src := srcLink .Filename}}
|
||||
{{$src := srcLink .Filename | html}}
|
||||
<tr>
|
||||
<td align="left" valign="top">
|
||||
<a href="/{{$src}}?h={{urlquery $.Query}}">{{html $src}}</a>:
|
||||
<a href="/{{$src}}?h={{$query}}">{{$src}}</a>:
|
||||
</td>
|
||||
<td align="left" width="4"></td>
|
||||
<th align="left" valign="top">{{len .Lines}}</th>
|
||||
<td align="left" width="4"></td>
|
||||
<td align="left">
|
||||
{{range .Lines}}
|
||||
<a href="/{{$src}}?h={{urlquery $.Query}}#L{{.}}">{{html .}}</a>
|
||||
<a href="/{{$src}}?h={{$query}}#L{{html .}}">{{html .}}</a>
|
||||
{{end}}
|
||||
{{if not $.Complete}}
|
||||
...
|
||||
|
@ -481,7 +481,7 @@ func posLink_urlFunc(node ast.Node, fset *token.FileSet) string {
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
buf.WriteString(http.URLEscape(relpath))
|
||||
template.HTMLEscape(&buf, []byte(relpath))
|
||||
// selection ranges are of form "s=low:high"
|
||||
if low < high {
|
||||
fmt.Fprintf(&buf, "?s=%d:%d", low, high) // no need for URL escaping
|
||||
|
Loading…
Reference in New Issue
Block a user