Fix HTML encoding in templating (#404)

2022-05-20 23:28:31 -06:00
parent 7e07ca3df1
commit 322aa97a18
12 changed files with 33 additions and 47 deletions
--- a/templates/comment.html
+++ b/templates/comment.html
@ -32,9 +32,9 @@
 		{% if is_filtered %}
 		<div class="comment_body_filtered {% if highlighted %}highlighted{% endif %}">(Filtered content)</div>
 		{% else %}
-		<div class="comment_body {% if highlighted %}highlighted{% endif %}">{{ body }}</div>
+		<div class="comment_body {% if highlighted %}highlighted{% endif %}">{{ body|safe }}</div>
 		{% endif %}
-		<blockquote class="replies">{% for c in replies -%}{{ c.render().unwrap() }}{%- endfor %}
+		<blockquote class="replies">{% for c in replies -%}{{ c.render().unwrap()|safe }}{%- endfor %}
 		</blockquote>
 	</details>
 </div>
--- a/templates/post.html
+++ b/templates/post.html
@ -110,7 +110,7 @@
 			{% endif %}

 			<!-- POST BODY -->
-			<div class="post_body">{{ post.body }}</div>
+			<div class="post_body">{{ post.body|safe }}</div>
 			<div class="post_score" title="{{ post.score.1 }}">{{ post.score.0 }}<span class="label"> Upvotes</span></div>
 			<div class="post_footer">
 				<ul id="post_links">
@ -144,7 +144,7 @@
 			{% endif %}
 			{% endif %}
 			
-			{{ c.render().unwrap() }}
+			{{ c.render().unwrap()|safe }}
 		</div>
 		{%- endfor %}

--- a/templates/search.html
+++ b/templates/search.html
@ -39,7 +39,7 @@
 			{% endif %}
 			{% for subreddit in subreddits %}
 			<a href="{{ subreddit.url }}" class="search_subreddit">
-				<div class="search_subreddit_left">{% if subreddit.icon != "" %}<img loading="lazy" src="{{ subreddit.icon }}" alt="r/{{ subreddit.name }} icon">{% endif %}</div>
+				<div class="search_subreddit_left">{% if subreddit.icon != "" %}<img loading="lazy" src="{{ subreddit.icon|safe }}" alt="r/{{ subreddit.name }} icon">{% endif %}</div>
 				<div class="search_subreddit_right">
 					<p class="search_subreddit_header"> 
 						<span class="search_subreddit_name">r/{{ subreddit.name }}</span>
--- a/templates/subreddit.html
+++ b/templates/subreddit.html
@ -127,7 +127,7 @@
 			<details class="panel" id="sidebar">
 				<summary id="sidebar_label">Sidebar</summary>
 				<div id="sidebar_contents">
-					{{ sub.info }}
+					{{ sub.info|safe }}
 					{# <hr>
 					<h2>Moderators</h2>
 					<br>
--- a/templates/user.html
+++ b/templates/user.html
@ -52,7 +52,7 @@
 						<a class="comment_link" href="{{ post.permalink }}">COMMENT</a>
 						<span class="created" title="{{ post.created }}">{{ post.rel_time }}</span>
 					</summary>
-					<p class="comment_body">{{ post.body }}</p>
+					<p class="comment_body">{{ post.body|safe }}</p>
 				</details>
 			</div>
 			{% endif %}
--- a/templates/utils.html
+++ b/templates/utils.html
@ -138,7 +138,7 @@

 	<div class="post_score" title="{{ post.score.1 }}">{{ post.score.0 }}<span class="label"> Upvotes</span></div>
 	<div class="post_body post_preview">
-		{{ post.body }}
+		{{ post.body|safe }}
 	</div>
 	<div class="post_footer">
 		<a href="{{ post.permalink }}" class="post_comments" title="{{ post.comments.1 }} comments">{{ post.comments.0 }} comments</a>
--- a/templates/wiki.html
+++ b/templates/wiki.html
@ -22,8 +22,8 @@
 				<div>Wiki</div>
 			</div>
 			<div id="wiki">
-				{{ wiki }}
+				{{ wiki|safe }}
 			</div>
 		</div>
 	</main>
-{% endblock %}
+{% endblock %}