Server: render sanitized strings as plain html

- Use source fields for text inputs
asonix 2021-01-27 20:59:58 -06:00
parent b9a66c1923
commit 8d0d07a299
21 changed files with 60 additions and 36 deletions


@ -430,7 +430,7 @@ async fn edit_page(
return Ok(crate::to_404()); return Ok(crate::to_404());
} }
let body = comment.body().to_owned(); let body = comment.body_source().unwrap_or(comment.body()).to_owned();
let view = match prepare_view(comment, Some(&profile), &nav_state, &state).await? { let view = match prepare_view(comment, Some(&profile), &nav_state, &state).await? {
Some(v) => v.value(&body), Some(v) => v.value(&body),
None => return Ok(crate::to_404()), None => return Ok(crate::to_404()),
@ -490,7 +490,7 @@ async fn update_comment(
} }
}; };
let body = comment.body().to_owned(); let body = comment.body_source().unwrap_or(comment.body()).to_owned();
let view = match prepare_view(comment, Some(&profile), &nav_state, &state).await? { let view = match prepare_view(comment, Some(&profile), &nav_state, &state).await? {
Some(v) => v.value(&body).error_opt(Some(error)), Some(v) => v.value(&body).error_opt(Some(error)),
None => return Ok(crate::to_404()), None => return Ok(crate::to_404()),
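Review bot: When `body_source()` returns `None`, both `edit_page` and `update_comment` seed the edit field with `comment.body()`, which per this commit is the sanitized string that templates now render as raw HTML. The user would then be editing markup rather than what they typed, and saving it presumably sends that output through the sanitizer a second time. A comment above the line such as `// body_source() is None for <which records>; falling back to the rendered body is intentional` would record the intent, or the fallback could be replaced by an empty field. It is also worth confirming that `v.value(...)` escapes its argument when the input is rendered, since that template is not part of this change. Both function bodies continue outside their hunks.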


@ -47,7 +47,7 @@ async fn main() -> anyhow::Result<()> {
if std::env::var("RUST_LOG").is_err() { if std::env::var("RUST_LOG").is_err() {
if config.debug { if config.debug {
std::env::set_var("RUST_LOG", "hyaenidae_profiles=debug,hyaenidae_accounts=debug,hyaenidae_toolkit=debug,hyaenidae_server=debug,info"); std::env::set_var("RUST_LOG", "hyaenidae_content=debug,hyaenidae_profiles=debug,hyaenidae_accounts=debug,hyaenidae_toolkit=debug,hyaenidae_server=debug,info");
} else { } else {
std::env::set_var("RUST_LOG", "info"); std::env::set_var("RUST_LOG", "info");
} }


@ -298,7 +298,7 @@ impl EditProfileState {
.placeholder("Display Name") .placeholder("Display Name")
.dark(dark); .dark(dark);
let input = if let Some(text) = &self.profile.display_name() { let input = if let Some(text) = &self.profile.display_name_source() {
input.value(text) input.value(text)
} else { } else {
input input
@ -324,7 +324,7 @@ impl EditProfileState {
.textarea() .textarea()
.dark(dark); .dark(dark);
let input = if let Some(text) = &self.profile.description_text() { let input = if let Some(text) = &self.profile.description_source() {
input.value(text) input.value(text)
} else { } else {
input input
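Review bot: `display_name_source()` and `description_source()` are used with no fallback, so a profile that has a rendered value but no stored source will show an empty input, and submitting the form unchanged would presumably clear the field. `SubmissionState::new` in the next file mixes both policies: the title falls back with `title_source().unwrap_or(submission.title())` while the description uses `description_source()` alone. Pick one policy for a missing source and apply it to every edit form, with a short comment stating when the source can be absent. The enclosing methods start and end outside these hunks.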


@ -277,9 +277,10 @@ pub struct SubmissionState {
impl SubmissionState { impl SubmissionState {
async fn new(submission: Submission, dark: bool, state: &State) -> Result<Self, Error> { async fn new(submission: Submission, dark: bool, state: &State) -> Result<Self, Error> {
let title = title_input(dark).value(submission.title()); let title =
title_input(dark).value(submission.title_source().unwrap_or(submission.title()));
let description = if let Some(text) = submission.description() { let description = if let Some(text) = submission.description_source() {
description_input(dark).value(text) description_input(dark).value(text)
} else { } else {
description_input(dark) description_input(dark)


@ -1,6 +1,7 @@
@use crate::extensions::ProfileExt; @use crate::extensions::ProfileExt;
@use crate::views::OwnedProfileView; @use crate::views::OwnedProfileView;
@use hyaenidae_profiles::store::Comment; @use hyaenidae_profiles::store::Comment;
@use hyaenidae_toolkit::templates::bbcode;
@use hyaenidae_toolkit::{templates::link, Link}; @use hyaenidae_toolkit::{templates::link, Link};
@use hyaenidae_toolkit::templates::icon; @use hyaenidae_toolkit::templates::icon;
@use hyaenidae_toolkit::templates::ago; @use hyaenidae_toolkit::templates::ago;
@ -16,7 +17,7 @@
@if let Some(name) = view.profile.display_name() { @if let Some(name) = view.profile.display_name() {
<div class="profile-box--meta--display"> <div class="profile-box--meta--display">
@:link(&Link::current_tab(&view.profile.view_path()).plain(true), { @:link(&Link::current_tab(&view.profile.view_path()).plain(true), {
@name @Html(&name)
}) })
</div> </div>
} }
@ -31,7 +32,11 @@
</div> </div>
</div> </div>
</div> </div>
<div class="profile-box--body">@comment.body()</div> <div class="profile-box--body">
@:bbcode({
@Html(comment.body())
})
</div>
</div> </div>
</div> </div>
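Review bot: `Html(...)` switches off the template engine's escaping, so the safety of `display_name()` and `comment.body()` now rests entirely on those getters only ever returning sanitizer output, and nothing in this template says so. A template comment near the top, e.g. `@* display_name() and body() hold sanitized HTML; never wrap unsanitized values in Html() *@`, would document that trust boundary; the same applies to the other templates in this commit that wrap profile names and titles. Smaller point: this file passes `Html(&name)` while the other templates pass `Html(name)`; use one form.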


@ -36,7 +36,7 @@
reported reported
@:link(&Link::new_tab(&profile.view_path()).plain(true), { @:link(&Link::new_tab(&profile.view_path()).plain(true), {
@profile.name() @Html(profile.name())
}) })
}) })
} }
@ -44,12 +44,12 @@
@:reporter(reports_view, report, { @:reporter(reports_view, report, {
reported reported
@:link(&Link::new_tab(&submission.author_path()).plain(true), { @:link(&Link::new_tab(&submission.author_path()).plain(true), {
@submission.author_name()'s @Html(submission.author_name())'s
}) })
submission: submission:
@:link(&Link::new_tab(&submission.view_path()).plain(true), { @:link(&Link::new_tab(&submission.view_path()).plain(true), {
@submission.title() @Html(submission.title())
}) })
}) })
} }
@ -57,12 +57,12 @@
@:reporter(reports_view, report, { @:reporter(reports_view, report, {
reported reported
@:link(&Link::new_tab(&comment.author_path()).plain(true), { @:link(&Link::new_tab(&comment.author_path()).plain(true), {
@comment.author_name()'s @Html(comment.author_name())'s
}) })
comment: comment:
@:link(&Link::new_tab(&comment.view_path()).plain(true), { @:link(&Link::new_tab(&comment.view_path()).plain(true), {
@comment.body() @Html(comment.body())
}) })
}) })
} }
@ -70,7 +70,7 @@
@if let Some(note) = report.note() { @if let Some(note) = report.note() {
<div class="report-description text-section"> <div class="report-description text-section">
<h4>Note:</h4> <h4>Note:</h4>
<p>@note</p> <p>@Html(note)</p>
</div> </div>
} }
<div class="button-section report-actions"> <div class="button-section report-actions">
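Review bot: `@Html(note)` prints the reporter's free-text note without escaping, and nothing visible in this section shows that `report.note()` returns sanitized content. This page is read by whoever handles reports, so if the note is stored as typed, the change would turn it into stored markup in a moderator view. Confirm the note passes through the same sanitizer on write, or keep `<p>@note</p>` here and in the report view template that makes the same change. Separately, `@Html(comment.body())` sits inside the `link` call, so any anchors the sanitizer permits in a body would end up nested inside another link; a plain-text excerpt would be safer as link text.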


@ -30,14 +30,14 @@
@:card_body({ @:card_body({
Reported by Reported by
@:link(&Link::new_tab(&author.view_path()).plain(true), { @:link(&Link::new_tab(&author.view_path()).plain(true), {
@author.name() @Html(author.name())
}) })
}) })
} }
@if let Some(note) = view.note() { @if let Some(note) = view.note() {
@:card_body({ @:card_body({
<h4>Report Content</h4> <h4>Report Content</h4>
<p>@note</p> <p>@Html(note)</p>
}) })
} }
}) })


@ -7,7 +7,7 @@
<div class="report-author"> <div class="report-author">
@if let Some(author) = view.reporter_profile(report) { @if let Some(author) = view.reporter_profile(report) {
@:link(&Link::new_tab(&author.view_path()).plain(true), { @:link(&Link::new_tab(&author.view_path()).plain(true), {
@author.name() @Html(author.name())
}) })
} }


@ -1,4 +1,5 @@
@use hyaenidae_profiles::store::Server; @use hyaenidae_profiles::store::Server;
@use hyaenidae_toolkit::templates::bbcode;
@(server: &Server, body: Content) @(server: &Server, body: Content)
@ -8,12 +9,14 @@
@server.domain() @server.domain()
- -
@if let Some(title) = server.title() { @if let Some(title) = server.title() {
@title @Html(title)
} }
</div> </div>
@if let Some(description) = server.description() { @if let Some(description) = server.description() {
<div class="server-description"> <div class="server-description">
@description @:bbcode({
@Html(description)
})
</div> </div>
} }
@:body() @:body()


@ -1,5 +1,6 @@
@use crate::extensions::{SubmissionExt, ProfileExt}; @use crate::extensions::{SubmissionExt, ProfileExt};
@use crate::views::{OwnedProfileView, OwnedSubmissionView}; @use crate::views::{OwnedProfileView, OwnedSubmissionView};
@use hyaenidae_toolkit::templates::bbcode;
@use hyaenidae_toolkit::templates::{card_body, card_section}; @use hyaenidae_toolkit::templates::{card_body, card_section};
@use hyaenidae_toolkit::{templates::link, Link}; @use hyaenidae_toolkit::{templates::link, Link};
@use hyaenidae_toolkit::templates::icon; @use hyaenidae_toolkit::templates::icon;
@ -18,7 +19,7 @@
@if let Some(name) = pro_view.profile.display_name() { @if let Some(name) = pro_view.profile.display_name() {
<div class="profile-box--meta--display"> <div class="profile-box--meta--display">
@:link(&Link::current_tab(&pro_view.profile.view_path()).plain(true), { @:link(&Link::current_tab(&pro_view.profile.view_path()).plain(true), {
@name @Html(name)
}) })
</div> </div>
} }
@ -38,7 +39,9 @@
<div class="profile-box--body"> <div class="profile-box--body">
<h3>@sub_view.submission.title_text()</h3> <h3>@sub_view.submission.title_text()</h3>
@if let Some(description) = sub_view.submission.description_text() { @if let Some(description) = sub_view.submission.description_text() {
<p>@description</p> @:bbcode({
@Html(description)
})
} }
</div> </div>
</div> </div>
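Review bot: `<h3>@sub_view.submission.title_text()</h3>` is left escaped here, while the submission view template in this commit renders the same getter as `@Html(view.submission.title_text())`. One of the two is wrong: if `title_text()` returns sanitized HTML the heading here will show entities literally, and if it returns plain text the other template now prints it unescaped. The same question applies to `description_text()`, whose name suggests plain text but which is now wrapped in `Html(...)`. A doc comment on both getters stating which form they return would settle it.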


@ -1,5 +1,6 @@
@use crate::comments::{Cache, CommentNode}; @use crate::comments::{Cache, CommentNode};
@use crate::templates::comments::{nodes, profile_box}; @use crate::templates::comments::{nodes, profile_box};
@use hyaenidae_toolkit::templates::bbcode;
@use hyaenidae_toolkit::templates::link; @use hyaenidae_toolkit::templates::link;
@use hyaenidae_toolkit::templates::{nested_children, nested_node}; @use hyaenidae_toolkit::templates::{nested_children, nested_node};
@ -29,7 +30,9 @@
} }
</div> </div>
}, { }, {
@comment.body() @:bbcode({
@Html(comment.body())
})
}) })
}) })
} }


@ -17,7 +17,7 @@
@if let Some(name) = view.profile.display_name() { @if let Some(name) = view.profile.display_name() {
<div class="profile-box--meta--display"> <div class="profile-box--meta--display">
@:link(&Link::current_tab(&view.profile.view_path()).plain(true), { @:link(&Link::current_tab(&view.profile.view_path()).plain(true), {
@name @Html(name)
}) })
</div> </div>
} }
@ -34,7 +34,7 @@
@if let Some(l) = parent.view_link(cache) { @if let Some(l) = parent.view_link(cache) {
@if let Some(name) = parent.name(cache) { @if let Some(name) = parent.name(cache) {
@:link(&l, { @:link(&l, {
Replying to @name Replying to @Html(name)
}) })
} }
} }


@ -4,6 +4,7 @@
@use crate::templates::button_js; @use crate::templates::button_js;
@use crate::templates::layouts::home; @use crate::templates::layouts::home;
@use crate::templates::comments::{nodes, profile_box}; @use crate::templates::comments::{nodes, profile_box};
@use hyaenidae_toolkit::templates::bbcode;
@use hyaenidae_toolkit::{templates::button_group, Button}; @use hyaenidae_toolkit::{templates::button_group, Button};
@use hyaenidae_toolkit::{templates::{card, card_title, card_body}, Card}; @use hyaenidae_toolkit::{templates::{card, card_title, card_body}, Card};
@use hyaenidae_toolkit::templates::link; @use hyaenidae_toolkit::templates::link;
@ -29,7 +30,9 @@
} }
}, { }, {
<div class="comment-text"> <div class="comment-text">
@comment.body() @:bbcode({
@Html(comment.body())
})
</div> </div>
}) })
</div> </div>


@ -4,6 +4,7 @@
@use crate::templates::button_js; @use crate::templates::button_js;
@use crate::templates::layouts::home; @use crate::templates::layouts::home;
@use crate::templates::comments::profile_box; @use crate::templates::comments::profile_box;
@use hyaenidae_toolkit::templates::bbcode;
@use hyaenidae_toolkit::{templates::button_group, Button}; @use hyaenidae_toolkit::{templates::button_group, Button};
@use hyaenidae_toolkit::{templates::{card, card_title, card_body}, Card}; @use hyaenidae_toolkit::{templates::{card, card_title, card_body}, Card};
@use hyaenidae_toolkit::templates::text_input; @use hyaenidae_toolkit::templates::text_input;
@ -20,7 +21,9 @@
<div class="comment-body"> <div class="comment-body">
@:profile_box(&view.author(), view.comment.published(), &view.parent(), &view.cache, nav_state.dark(), {}, { @:profile_box(&view.author(), view.comment.published(), &view.parent(), &view.cache, nav_state.dark(), {}, {
<div class="comment-text"> <div class="comment-text">
@view.comment.body() @:bbcode({
@view.comment.body()
})
</div> </div>
}) })
</div> </div>
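Review bot: The new `@:bbcode({ ... })` block still contains `@view.comment.body()` without `Html(...)`, unlike the other comment templates in this commit, which use `@Html(comment.body())`. If the body is stored as sanitized HTML, this page will escape it a second time and show tags and entities as text. If the difference is deliberate, say so in a template comment; otherwise change the line to `@Html(view.comment.body())`.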


@ -9,7 +9,7 @@
<head> <head>
<meta charset="utf-8" /> <meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>@title</title> <title>@Html(title)</title>
<link href="@toolkit_path(toolkit_css.name)" rel="stylesheet" type="text/css" /> <link href="@toolkit_path(toolkit_css.name)" rel="stylesheet" type="text/css" />
<link href="@statics_path(layout_css.name)" rel="stylesheet" type="text/css" /> <link href="@statics_path(layout_css.name)" rel="stylesheet" type="text/css" />
<meta property="og:title" content="@title" /> <meta property="og:title" content="@title" />
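Review bot: `<title>@Html(title)</title>` makes the shared layout print its `title` argument unescaped, so every caller of this layout must now pass sanitized text; the callers are outside this hunk and some may pass plain strings. The `og:title` attribute two lines below still uses `@title`, so a pre-sanitized title would be entity-encoded twice there. Consider keeping the layout parameter as plain text and escaped in both places, or documenting the contract next to the template signature with `@* title must already be sanitized HTML *@`.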


@ -51,11 +51,11 @@
@for c in view.comments() { @for c in view.comments() {
@:card_body({ @:card_body({
@:link(&c.author_link(), { @:link(&c.author_link(), {
@c.author_name() @Html(c.author_name())
}) })
@if let Some(l) = c.submission_link() { @if let Some(l) = c.submission_link() {
commented on your submission: commented on your submission:
@:link(&l, { @c.submission_title() }) @:link(&l, { @Html(c.submission_title()) })
} }
@if let Some(l) = c.reply_to_link() { @if let Some(l) = c.reply_to_link() {
replied to your replied to your


@ -33,7 +33,7 @@
<div class="profile-result--display-name"> <div class="profile-result--display-name">
@if let Some(display_name) = pview.profile.display_name() { @if let Some(display_name) = pview.profile.display_name() {
@:link(&Link::current_tab(&pview.profile.view_path()).plain(true), { @:link(&Link::current_tab(&pview.profile.view_path()).plain(true), {
@display_name @Html(display_name)
}) })
} }
</div> </div>


@ -28,7 +28,7 @@
<div class="profile-result--display-name"> <div class="profile-result--display-name">
@if let Some(display_name) = pview.profile.display_name() { @if let Some(display_name) = pview.profile.display_name() {
@:link(&Link::current_tab(&pview.profile.view_path()).plain(true), { @:link(&Link::current_tab(&pview.profile.view_path()).plain(true), {
@display_name @Html(display_name)
}) })
} }
</div> </div>


@ -15,7 +15,7 @@
@if let Some(name) = view.profile.display_name() { @if let Some(name) = view.profile.display_name() {
<div class="profile-box--meta--display"> <div class="profile-box--meta--display">
@:link(&Link::current_tab(&view.profile.view_path()).plain(true), { @:link(&Link::current_tab(&view.profile.view_path()).plain(true), {
@name @Html(name)
}) })
</div> </div>
} }


@ -5,6 +5,7 @@
@use crate::templates::layouts::home; @use crate::templates::layouts::home;
@use crate::templates::comments::nodes; @use crate::templates::comments::nodes;
@use crate::templates::submissions::profile_box; @use crate::templates::submissions::profile_box;
@use hyaenidae_toolkit::templates::bbcode;
@use hyaenidae_toolkit::{templates::button_group, Button}; @use hyaenidae_toolkit::{templates::button_group, Button};
@use hyaenidae_toolkit::{templates::{card, card_body, card_section, card_spacer, card_title}, Card}; @use hyaenidae_toolkit::{templates::{card, card_body, card_section, card_spacer, card_title}, Card};
@use hyaenidae_toolkit::templates::image; @use hyaenidae_toolkit::templates::image;
@ -19,7 +20,7 @@
}, { }, {
@:card(&Card::full_width().dark(nav_state.dark()), { @:card(&Card::full_width().dark(nav_state.dark()), {
@:card_title({ @:card_title({
@view.submission.title_text() @Html(view.submission.title_text())
}) })
@:card_section({ @:card_section({
@if let Some(img) = view.image() { @if let Some(img) = view.image() {
@ -48,7 +49,9 @@
@:card_body({ @:card_body({
@:profile_box(&view.poster(), view.submission.published(), nav_state.dark(), { @:profile_box(&view.poster(), view.submission.published(), nav_state.dark(), {
@if let Some(description) = view.submission.description_text() { @if let Some(description) = view.submission.description_text() {
@description @:bbcode({
@Html(description)
})
} }
}) })
}) })


@ -15,7 +15,7 @@
}, { }, {
@:card(&Card::full_width().dark(nav_state.dark()), { @:card(&Card::full_width().dark(nav_state.dark()), {
@:card_title({ @:card_title({
Report @view.submission.title() Report @Html(view.submission.title())
}) })
@:submission_box(&view.submission(), &view.author(), nav_state.dark()) @:submission_box(&view.submission(), &view.author(), nav_state.dark())
}) })