fix(render): Escape thread titles in index
This commit is contained in:
parent
87237f5c28
commit
2bbcc8432e
1 changed files with 19 additions and 1 deletions
|
@ -29,12 +29,30 @@ impl Message for IndexPage {
|
|||
type Result = Result<String>;
|
||||
}
|
||||
|
||||
#[derive(Debug, Serialize)]
|
||||
struct IndexThread {
|
||||
id: i32,
|
||||
title: String,
|
||||
posted: DateTime<Utc>,
|
||||
author_name: String,
|
||||
}
|
||||
|
||||
impl Handler<IndexPage> for Renderer {
|
||||
type Result = Result<String>;
|
||||
|
||||
fn handle(&mut self, msg: IndexPage, _: &mut Self::Context) -> Self::Result {
|
||||
let threads: Vec<IndexThread> = msg.threads
|
||||
.into_iter()
|
||||
.map(|thread| IndexThread {
|
||||
id: thread.id,
|
||||
title: escape_html(&thread.title),
|
||||
posted: thread.posted,
|
||||
author_name: thread.author_name,
|
||||
})
|
||||
.collect();
|
||||
|
||||
let mut ctx = Context::new();
|
||||
ctx.add("threads", &msg.threads);
|
||||
ctx.add("threads", &threads);
|
||||
Ok(self.tera.render("index.html", &ctx)?)
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue