diff options
author | Frédéric Guillot <fred@miniflux.net> | 2020-01-02 11:06:57 -0800 |
---|---|---|
committer | Frédéric Guillot <fred@miniflux.net> | 2020-01-02 11:20:10 -0800 |
commit | 4d9956cf658d7a970654ae3baf23ad995e287525 (patch) | |
tree | 475fc8d39549ec24ad09e0fbc0b206ef0141994c /template/html/entry.html | |
parent | ac3c936820033f27e32c9a4490f2f33d6ffd6b05 (diff) |
Make sure external URLs are not encoded incorrectly by Go template engine
Diffstat (limited to 'template/html/entry.html')
-rw-r--r-- | template/html/entry.html | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/template/html/entry.html b/template/html/entry.html index df5882b..cbf85f6 100644 --- a/template/html/entry.html +++ b/template/html/entry.html @@ -4,7 +4,7 @@ <section class="entry" data-id="{{ .entry.ID }}"> <header class="entry-header"> <h1> - <a href="{{ .entry.URL }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer">{{ .entry.Title }}</a> + <a href="{{ .entry.URL | safeURL }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer">{{ .entry.Title }}</a> </h1> <div class="entry-actions"> <ul> @@ -54,7 +54,7 @@ </li> {{ if .entry.CommentsURL }} <li> - <a href="{{ .entry.CommentsURL }}" title="{{ t "entry.comments.title" }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer">{{ t "entry.comments.label" }}</a> + <a href="{{ .entry.CommentsURL | safeURL }}" title="{{ t "entry.comments.title" }}" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer">{{ t "entry.comments.label" }}</a> </li> {{ end }} </ul> @@ -115,7 +115,7 @@ {{ end }} <div class="entry-enclosure-download"> - <a href="{{ .URL }}" title="{{ t "action.download" }}{{ if gt .Size 0 }} - {{ formatFileSize .Size }}{{ end }} ({{ .MimeType }})" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer">{{ .URL }}</a> + <a href="{{ .URL | safeURL }}" title="{{ t "action.download" }}{{ if gt .Size 0 }} - {{ formatFileSize .Size }}{{ end }} ({{ .MimeType }})" target="_blank" rel="noopener noreferrer" referrerpolicy="no-referrer">{{ .URL | safeURL }}</a> <small>{{ if gt .Size 0 }} - <strong>{{ formatFileSize .Size }}</strong>{{ end }}</small> </div> </div> |