diff options
| author | Vincent Ambo <v.ambo@me.com> | 2012-03-15T20·26+0100 |
|---|---|---|
| committer | Vincent Ambo <v.ambo@me.com> | 2012-03-15T20·26+0100 |
| commit | b8a045d163a50c138bfe6300fc39b5cddc40f5d1 (patch) | |
| tree | fce3f9d83ed150087b4dd7d4db92330f5bf6cbc8 /src/Main.hs | |
| parent | f591f6b4f72a6a6989a7631b17fbd9ee5d7f6c6d (diff) | |
* proper comment escaping
Diffstat (limited to 'src/Main.hs')
| -rw-r--r-- | src/Main.hs | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/Main.hs b/src/Main.hs index fe111f76668a..8adef253a591 100644 --- a/src/Main.hs +++ b/src/Main.hs @@ -120,10 +120,18 @@ addComment acid lang eId = do nCtext <- lookText' "ctext" nComment <- Comment <$> pure now <*> lookText' "cname" - <*> pure (entryEscape nCtext) + <*> pure (commentEscape nCtext) update' acid (AddComment eId nComment) seeOther ("/" ++ show lang ++ "/" ++ show eId) (toResponse()) +commentEscape :: Text -> Text +commentEscape = newlineEscape . ltEscape . gtEscape . ampEscape + where + newlineEscape = T.replace "\n" "<br>" + ampEscape = T.replace "&" "&" + ltEscape = T.replace "<" "<" + gtEscape = T.replace ">" ">" + {- ADMIN stuff -} postEntry :: AcidState Blog -> ServerPart Response |