From b8a045d163a50c138bfe6300fc39b5cddc40f5d1 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Thu, 15 Mar 2012 21:26:45 +0100 Subject: * proper comment escaping --- src/Main.hs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'src/Main.hs') diff --git a/src/Main.hs b/src/Main.hs index fe111f76668a..8adef253a591 100644 --- a/src/Main.hs +++ b/src/Main.hs @@ -120,10 +120,18 @@ addComment acid lang eId = do nCtext <- lookText' "ctext" nComment <- Comment <$> pure now <*> lookText' "cname" - <*> pure (entryEscape nCtext) + <*> pure (commentEscape nCtext) update' acid (AddComment eId nComment) seeOther ("/" ++ show lang ++ "/" ++ show eId) (toResponse()) +commentEscape :: Text -> Text +commentEscape = newlineEscape . ltEscape . gtEscape . ampEscape + where + newlineEscape = T.replace "\n" "
" + ampEscape = T.replace "&" "&" + ltEscape = T.replace "<" "<" + gtEscape = T.replace ">" ">" + {- ADMIN stuff -} postEntry :: AcidState Blog -> ServerPart Response -- cgit 1.4.1
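Review bot: The author name is still stored unescaped: in `addComment` the `Comment` value takes `lookText' "cname"` as-is, while only `ctext` goes through the new `commentEscape`. Escaping at write time suggests the stored fields are later emitted as raw markup (the template is not visible here, so this is an inference), in which case the name field remains a stored-XSS path; `<*> (commentEscape <$> lookText' "cname")` would close it. `commentEscape` also leaves `"` and `'` untouched, which is adequate for element text but not if a comment field is ever placed inside an attribute value. The replacement strings in the `where` clause appear entity-decoded by this page's rendering, so their exact targets cannot be confirmed from this view; `addComment` begins above the hunk.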