Backups/Mango
1
0
Fork 0
mirror of https://github.com/hkalexling/Mango.git synced 2025-09-19 00:24:16 -04:00
Code Issues Projects Releases Wiki Activity

Use HTML.escape to escape XML

Browse Source
This commit is contained in:
Alex Ling 2020-07-01 13:27:30 +00:00
parent f5cdf8b7b6
commit 1725f42698
3 changed files with 4 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/util.cr
View File

@ -153,16 +153,6 @@ def ctime(file_path : String) : Time
{% end %} {% end %}
end end
def escape_xml(str)
str.gsub({
'>' => ">",
'<' => "&lt;",
'"' => "&quot;",
'\'' => "&apos;",
'&' => "&amp;",
})
end
def register_mime_types def register_mime_types
{ {
".zip" => "application/zip", ".zip" => "application/zip",

2
src/views/opds/index.xml.ecr
View File

@ -14,7 +14,7 @@
<% titles.each do |t| %> <% titles.each do |t| %>
<entry> <entry>
<title><%= escape_xml(t.display_name) %></title> <title><%= HTML.escape(t.display_name) %></title>
<id>urn:mango:<%= t.id %></id> <id>urn:mango:<%= t.id %></id>
<link type="application/atom+xml;profile=opds-catalog;kind=navigation" rel="subsection" href="<%= base_url %>opds/book/<%= t.id %>" /> <link type="application/atom+xml;profile=opds-catalog;kind=navigation" rel="subsection" href="<%= base_url %>opds/book/<%= t.id %>" />
</entry> </entry>

6
src/views/opds/title.xml.ecr
View File

@ -5,7 +5,7 @@
<link rel="self" href="<%= base_url %>opds/book/<%= title.id %>" type="application/atom+xml;profile=opds-catalog;kind=navigation" /> <link rel="self" href="<%= base_url %>opds/book/<%= title.id %>" type="application/atom+xml;profile=opds-catalog;kind=navigation" />
<link rel="start" href="<%= base_url %>opds/" type="application/atom+xml;profile=opds-catalog;kind=navigation" /> <link rel="start" href="<%= base_url %>opds/" type="application/atom+xml;profile=opds-catalog;kind=navigation" />
<title><%= escape_xml(title.display_name) %></title> <title><%= HTML.escape(title.display_name) %></title>
<author> <author>
<name>Mango</name> <name>Mango</name>
@ -14,7 +14,7 @@
<% title.titles.each do |t| %> <% title.titles.each do |t| %>
<entry> <entry>
<title><%= escape_xml(t.display_name) %></title> <title><%= HTML.escape(t.display_name) %></title>
<id>urn:mango:<%= t.id %></id> <id>urn:mango:<%= t.id %></id>
<link type="application/atom+xml;profile=opds-catalog;kind=navigation" rel="subsection" href="<%= base_url %>opds/book/<%= t.id %>" /> <link type="application/atom+xml;profile=opds-catalog;kind=navigation" rel="subsection" href="<%= base_url %>opds/book/<%= t.id %>" />
</entry> </entry>
@ -22,7 +22,7 @@
<% title.entries.each do |e| %> <% title.entries.each do |e| %>
<entry> <entry>
<title><%= escape_xml(e.display_name) %></title> <title><%= HTML.escape(e.display_name) %></title>
<id>urn:mango:<%= e.id %></id> <id>urn:mango:<%= e.id %></id>
<link rel="http://opds-spec.org/image" href="<%= e.cover_url %>" /> <link rel="http://opds-spec.org/image" href="<%= e.cover_url %>" />