搜索结果 html 过滤

zhima1234 · zhima1234 · commit 0b3f6c8fa295 · 2017-09-14T13:51:32.000+08:00
diff --git a/src/http/http.go b/src/http/http.go
@@ -147,6 +147,7 @@ var funcMap = template.FuncMap{
 		json.Unmarshal([]byte(str), &result)
 		return result
 	},
+	"safeHtml": util.SafeHtml,
 }
 
 func tplInclude(file string, dot map[string]interface{}) template.HTML {
diff --git a/src/util/string.go b/src/util/string.go
@@ -7,6 +7,7 @@ package util
 
 import (
 	"errors"
+	"strings"
 	"unicode"
 	"unicode/utf8"
 
@@ -233,3 +234,8 @@ func UnderscoreName(name string) string {
 
 	return buffer.String()
 }
+
+func SafeHtml(s string) string {
+	r := strings.NewReplacer("<input", "&lt;input", "<a ", "&lt; a")
+	return r.Replace(s)
+}
diff --git a/template/search.html b/template/search.html
@@ -47,7 +47,7 @@
 					<h2>
 						<a href="/{{if eq .Objtype 0}}topics{{else if eq .Objtype 1}}articles{{else if eq .Objtype 2}}resources{{else if eq .Objtype 4}}p{{else}}wiki{{end}}/{{.Objid}}" target="_blank" title="{{.Title}}">{{noescape .HlTitle}}</a></h2>
 					{{if .Content}}
-					<p class="text">{{noescape .HlContent}}<a href="/articles/{{.Objid}}" target="_blank" title="阅读全文">阅读全文</a></p>
+					<p class="text">{{safeHtml (noescape .HlContent)}}<a href="/articles/{{.Objid}}" target="_blank" title="阅读全文">阅读全文</a></p>
 					{{end}}
 				</div>
 			</div>

Original file line number	Diff line number	Diff line change
`@@ -147,6 +147,7 @@ var funcMap = template.FuncMap{`
`147`	`147`	`json.Unmarshal([]byte(str), &result)`
`148`	`148`	`return result`
`149`	`149`	`},`
	`150`	`+ "safeHtml": util.SafeHtml,`
`150`	`151`	`}`
`151`	`152`
`152`	`153`	`func tplInclude(file string, dot map[string]interface{}) template.HTML {`