commit 16c1750b617260be2bb5aed97c4b73faabedaa42
from: Omar Polo <op@omarpolo.com>
date: Fri Dec 01 16:51:48 2023 UTC

escape the readme blob in the tree view too

commit - d6aafba8ef79a513680838efe5739bb56e116c3d
commit + 16c1750b617260be2bb5aed97c4b73faabedaa42
blob - ccfb72d73ff3acccb9daee5236e0ef30544a3d88
blob + 678783717298d89ad7311bf831e0dd52bfe4a8ee
--- gotwebd/pages.tmpl
+++ gotwebd/pages.tmpl
@@ -724,7 +724,7 @@ nextsep(char *s, char **t)
 			if (len == 0)
 				break;
 			buf = got_object_blob_get_read_buf(t->blob);
-			if (tp_write(tp, buf, len) == -1) {
+			if (tp_write_htmlescape(tp, buf, len) == -1) {
 				free(readme);
 				return (-1);
 			}
blob - 5f1093f5488dc59cedb4551421207df0fb7e025d
blob + a462a35fdd53ed1e7997e205fd621e462ad511bc
--- template/tmpl.c
+++ template/tmpl.c
@@ -97,37 +97,46 @@ tp_urlescape(struct template *tp, const char *str)
 	return (0);
 }
 
+static inline int
+htmlescape(struct template *tp, char c)
+{
+	switch (c) {
+	case '<':
+		return tp_write(tp, "&lt;", 4);
+	case '>':
+		return tp_write(tp, "&gt;", 4);
+	case '&':
+		return tp_write(tp, "&amp;", 5);
+	case '"':
+		return tp_write(tp, "&quot;", 6);
+	case '\'':
+		return tp_write(tp, "&apos;", 6);
+	default:
+		return tp_write(tp, &c, 1);
+	}
+}
+
 int
 tp_htmlescape(struct template *tp, const char *str)
 {
-	int r;
-
 	if (str == NULL)
 		return (0);
 
 	for (; *str; ++str) {
-		switch (*str) {
-		case '<':
-			r = tp_write(tp, "&lt;", 4);
-			break;
-		case '>':
-			r = tp_write(tp, "&gt;", 4);
-			break;
-		case '&':
-			r = tp_write(tp, "&amp;", 5);
-			break;
-		case '"':
-			r = tp_write(tp, "&quot;", 6);
-			break;
-		case '\'':
-			r = tp_write(tp, "&apos;", 6);
-			break;
-		default:
-			r = tp_write(tp, str, 1);
-			break;
-		}
+		if (htmlescape(tp, *str) == -1)
+			return (-1);
+	}
 
-		if (r == -1)
+	return (0);
+}
+
+int
+tp_write_htmlescape(struct template *tp, const char *str, size_t len)
+{
+	size_t i;
+
+	for (i = 0; i < len; ++i) {
+		if (htmlescape(tp, str[i]) == -1)
 			return (-1);
 	}
 
blob - df3b74c2696e16f2a591fb656220ac7957c59a56
blob + 3246735b8276b8bcf62702651f4c61e069bf7158
--- template/tmpl.h
+++ template/tmpl.h
@@ -36,6 +36,7 @@ int	 tp_writef(struct template *, const char *, ...)
 	    __attribute__((__format__ (printf, 2, 3)));
 int	 tp_urlescape(struct template *, const char *);
 int	 tp_htmlescape(struct template *, const char *);
+int	 tp_write_htmlescape(struct template *, const char *, size_t);
 
 struct template	*template(void *, tmpl_write, char *, size_t);
 int		 template_flush(struct template *);