X-Git-Url: https://gitweb.ps.run/chirp/blobdiff_plain/4cf4bee6f41428be1e4138b329b3f9d0a7ccf4f4..d8f54dd8ac187349c1194871a55d4675f28e5a43:/src/main.zig
diff --git a/src/main.zig b/src/main.zig
index cc33216..164606f 100644
--- a/src/main.zig
+++ b/src/main.zig
@@ -111,28 +111,19 @@ fn reencode(comptime T: type, text: []const u8) !T {
const c = text[idx];
if (c == '+') {
try result.append(' ');
- } else if (c == '%') {
- // special case of &#...
- // assume only &#, no &#x
- if (idx + 6 < text.len and std.mem.eql(u8, text[idx .. idx + 6], "%26%23")) {
- const num_start = idx + 6;
- var num_end = num_start;
- while (num_end < text.len and std.ascii.isDigit(text[num_end])) {
- num_end += 1;
- }
+ } else if (c == '%' and idx + 2 < text.len) {
+ const allow = &[_]u8{ 0x26, 0x23, 0x3b, 0x0a };
- if (num_end + 2 < text.len and
- text[num_end] == '%' and
- text[num_end + 1] == '3' and
- std.ascii.toLower(text[num_end + 2]) == 'b')
- {
- try std.fmt.format(result.writer(), "&#{s};", .{text[num_start..num_end]});
- idx = num_end + 2;
- continue;
- }
+ const escaped_value = std.fmt.parseUnsigned(u8, text[idx + 1 .. idx + 3], 16) catch continue;
+
+ if (escaped_value == 0x0d) {
+ try std.fmt.format(result.writer(), "
", .{});
+ } else if (std.mem.indexOfScalar(u8, allow, escaped_value) != null) {
+ try std.fmt.format(result.writer(), "{c}", .{escaped_value});
+ } else {
+ try std.fmt.format(result.writer(), "&#x{x};", .{escaped_value});
}
- try std.fmt.format(result.writer(), "&#x{s};", .{text[idx + 1 .. idx + 3]});
idx += 2;
} else {
try result.append(c);
@@ -518,10 +509,16 @@ fn html_form(res: *http.Response, action: []const u8, inputs: anytype) !void {
inline for (inputs) |input| {
switch (@typeInfo(@TypeOf(input))) {
- .Struct => {
- try res.write("", .{});
+ .Struct => |s| {
+ if (s.fields.len == 3) {
+ try res.write("<{s} ", .{input[0]});
+ try res.write(input[1], input[2]);
+ try res.write(">", .{input[0]});
+ } else {
+ try res.write("", .{});
+ }
},
else => {
try res.write("{s}{s}", .{ id, name.constSlice(), if (list_view.has(post_id) catch false) " *" else "" });
}
try res.write("", .{});
- try res.write("", .{@intFromEnum(post_id)});
- try res.write("", .{});
+ try res.write("", .{@intFromEnum(post_id)});
+ try res.write("", .{});
try res.write("", .{});
}
@@ -789,8 +786,8 @@ fn write_profile(res: *http.Response, txn: lmdb.Txn, logged_in: ?Login, user: Us
try res.write("", .{ id, name.constSlice(), if (list_view.has(user.id) catch false) " *" else "" });
}
try res.write("", .{});
- try res.write("", .{@intFromEnum(user.id)});
- try res.write("", .{});
+ try res.write("", .{@intFromEnum(user.id)});
+ try res.write("", .{});
try res.write("", .{});
}
try res.write(
@@ -1274,7 +1271,7 @@ const GET = struct {
});
try self.res.write("
Description: ", .{});
try html_form(self.res, "/set_description", .{
- .{ "type=\"text\" name=\"description\" placeholder=\"{s}\"", .{login.user.description.constSlice()} },
+ .{ "textarea", "type=\"text\" name=\"description\" placeholder=\"{s}\"", .{login.user.description.constSlice()} },
"type=\"submit\" value=\"Change\"",
});
try self.res.write("
Password: ", .{});