diff options
| author | Vincent Ambo <v.ambo@me.com> | 2012-03-15T20·26+0100 |
|---|---|---|
| committer | Vincent Ambo <v.ambo@me.com> | 2012-03-15T20·26+0100 |
| commit | b8a045d163a50c138bfe6300fc39b5cddc40f5d1 (patch) | |
| tree | fce3f9d83ed150087b4dd7d4db92330f5bf6cbc8 | |
| parent | f591f6b4f72a6a6989a7631b17fbd9ee5d7f6c6d (diff) | |
* proper comment escaping
| -rw-r--r-- | src/Blog.hs | 2 | ||||
| -rw-r--r-- | src/Main.hs | 10 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/Blog.hs b/src/Blog.hs index 534803baa4..5914052f93 100644 --- a/src/Blog.hs +++ b/src/Blog.hs @@ -116,7 +116,7 @@ renderComments comments lang = sequence_ $ map showComment comments showComment :: Comment -> Html showComment (Comment{..}) = H.li $ do H.i $ toHtml $ T.append cauthor ": " - toHtml ctext + preEscapedText ctext H.p ! A.class_ "tt" $ toHtml $ timeString cdate timeString t = formatTime defaultTimeLocale (cTimeFormat lang) t diff --git a/src/Main.hs b/src/Main.hs index fe111f7666..8adef253a5 100644 --- a/src/Main.hs +++ b/src/Main.hs @@ -120,10 +120,18 @@ addComment acid lang eId = do nCtext <- lookText' "ctext" nComment <- Comment <$> pure now <*> lookText' "cname" - <*> pure (entryEscape nCtext) + <*> pure (commentEscape nCtext) update' acid (AddComment eId nComment) seeOther ("/" ++ show lang ++ "/" ++ show eId) (toResponse()) +commentEscape :: Text -> Text +commentEscape = newlineEscape . ltEscape . gtEscape . ampEscape + where + newlineEscape = T.replace "\n" "<br>" + ampEscape = T.replace "&" "&" + ltEscape = T.replace "<" "<" + gtEscape = T.replace ">" ">" + {- ADMIN stuff -} postEntry :: AcidState Blog -> ServerPart Response |