From da53c5172df28f3f2203f84ee1009b464f3542ef Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Thu, 11 Jan 2024 15:28:09 +0100 Subject: Escape HTML properly when processing plaintext READMEs --- tw/system/lud.scm | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/tw/system/lud.scm b/tw/system/lud.scm index ab484648..7d41eae0 100644 --- a/tw/system/lud.scm +++ b/tw/system/lud.scm @@ -131,7 +131,8 @@ that I just want to host somewhere.") ;; See also /gnu/store/...-cgit-1.2.3/lib/cgit/filters/. (readme ":README.md") - (extra-options '("readme=:README.org" "readme=:README")) ; alternative readmes + (extra-options ; alternative readmes + '("readme=:README.org" "readme=:README.html" "readme=:README")) (about-filter (program-file "cgit-about-filter" (with-extensions (list guile-commonmark) @@ -144,9 +145,19 @@ that I just want to host somewhere.") (cond ((string-suffix? ".md" file-name) (sxml->xml (commonmark->sxml))) + ((string-suffix? ".html" file-name) + (dump-port (current-input-port) (current-output-port))) (else (display "
")
-                            (dump-port (current-input-port) (current-output-port))
+                            (do ((ch (read-char) (read-char)))
+                                ((eof-object? ch))
+                              (case ch
+                                ((#\") (display """))
+                                ((#\') (display "'"))
+                                ((#\&) (display "&"))
+                                ((#\<) (display "<"))
+                                ((#\>) (display ">"))
+                                (else => write-char)))
                             (display "
")))))))) (nginx -- cgit v1.2.3
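Review bot: The new `.html` branch sends README.html to the about page unescaped through `dump-port`, so any markup or script in that file is served in the cgit site's origin; the escaping loop added in this hunk protects only the plaintext fallback. That is acceptable only while every hosted repository is trusted, and the first hunk's `readme=:README.html` option is what makes the file selectable, so a later third-party mirror or contributor-writable repository would turn this into stored XSS. I would record the assumption next to the branch, e.g. `;; README.html is emitted verbatim: safe only while all hosted repos are trusted`, and consider a restrictive `Content-Security-Policy` header on the cgit location in the nginx block that follows. The entity strings in the `case` clauses and the `<pre>` tags appear to have been decoded by the page rendering, so they cannot be checked from this view, and the `about-filter` form begins above the hunk.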