diff options
author | Frédéric Guillot <fred@miniflux.net> | 2020-01-02 11:06:57 -0800 |
---|---|---|
committer | Frédéric Guillot <fred@miniflux.net> | 2020-01-02 11:20:10 -0800 |
commit | 4d9956cf658d7a970654ae3baf23ad995e287525 (patch) | |
tree | 475fc8d39549ec24ad09e0fbc0b206ef0141994c /template/html/common | |
parent | ac3c936820033f27e32c9a4490f2f33d6ffd6b05 (diff) |
Make sure external URLs are not encoded incorrectly by Go template engine
Diffstat (limited to 'template/html/common')
-rw-r--r-- | template/html/common/feed_list.html | 2 | ||||
-rw-r--r-- | template/html/common/item_meta.html | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/template/html/common/feed_list.html b/template/html/common/feed_list.html index cb80a1f..8e57ad2 100644 --- a/template/html/common/feed_list.html +++ b/template/html/common/feed_list.html @@ -20,7 +20,7 @@ <div class="item-meta"> <ul> <li> - <a href="{{ .SiteURL }}" title="{{ .SiteURL }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer" data-original-link="true">{{ domain .SiteURL }}</a> + <a href="{{ .SiteURL | safeURL }}" title="{{ .SiteURL }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer" data-original-link="true">{{ domain .SiteURL }}</a> </li> <li> {{ t "page.feeds.last_check" }} <time datetime="{{ isodate .CheckedAt }}" title="{{ isodate .CheckedAt }}">{{ elapsed $.user.Timezone .CheckedAt }}</time> diff --git a/template/html/common/item_meta.html b/template/html/common/item_meta.html index ba83da7..1797700 100644 --- a/template/html/common/item_meta.html +++ b/template/html/common/item_meta.html @@ -19,11 +19,11 @@ </li> {{ end }} <li> - <a href="{{ .entry.URL }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer" data-original-link="true">{{ t "entry.original.label" }}</a> + <a href="{{ .entry.URL | safeURL }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer" data-original-link="true">{{ t "entry.original.label" }}</a> </li> {{ if .entry.CommentsURL }} <li> - <a href="{{ .entry.CommentsURL }}" title="{{ t "entry.comments.title" }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer">{{ t "entry.comments.label" }}</a> + <a href="{{ .entry.CommentsURL | safeURL }}" title="{{ t "entry.comments.title" }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer">{{ t "entry.comments.label" }}</a> </li> {{ end }} <li> |