From 7e4defffd9a1ec949671f99a8bc72cffdba20130 Mon Sep 17 00:00:00 2001 From: Ted Unangst Date: Wed, 16 Oct 2019 18:45:19 -0400 Subject: [PATCH] use templates.sprintf helper --- web.go | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/web.go b/web.go index 38fdd83..809081f 100644 --- a/web.go +++ b/web.go @@ -19,7 +19,6 @@ import ( "bytes" "database/sql" "fmt" - "html" "html/template" "io" "log" @@ -195,12 +194,12 @@ func showrss(w http.ResponseWriter, r *http.Request) { } } if p := honk.Place; p != nil { - desc += fmt.Sprintf(`

Location: %s %f %f`, - html.EscapeString(p.Url), html.EscapeString(p.Name), p.Latitude, p.Longitude) + desc += string(templates.Sprintf(`

Location: %s %f %f`, + p.Url, p.Name, p.Latitude, p.Longitude)) } for _, d := range honk.Donks { - desc += fmt.Sprintf(`

Attachment: %s`, - d.URL, html.EscapeString(d.Name)) + desc += string(templates.Sprintf(`

Attachment: %s`, + d.URL, d.Name)) } feed.Items = append(feed.Items, &rss.Item{ @@ -593,12 +592,11 @@ func showhonker(w http.ResponseWriter, r *http.Request) { } else { honks = gethonksbyhonker(u.UserID, name) } - name = html.EscapeString(name) - msg := fmt.Sprintf(`honks by honker: %s`, name, name) + msg := templates.Sprintf(`honks by honker: %s`, name, name) templinfo := getInfo(r) templinfo["PageName"] = "honker" templinfo["PageArg"] = name - templinfo["ServerMessage"] = template.HTML(msg) + templinfo["ServerMessage"] = msg templinfo["HonkCSRF"] = login.GetCSRF("honkhonk", r) honkpage(w, u, honks, templinfo) } @@ -1667,9 +1665,8 @@ func webhydra(w http.ResponseWriter, r *http.Request) { xid = gofish(xid) } honks = gethonksbyxonker(userid, xid) - xid = html.EscapeString(xid) - msg := fmt.Sprintf(`honks by honker: %s`, xid, xid) - templinfo["ServerMessage"] = template.HTML(msg) + msg := templates.Sprintf(`honks by honker: %s`, xid, xid) + templinfo["ServerMessage"] = msg default: http.NotFound(w, r) }