Escape HTML characters in web search query before displaying in UI
yamnikov-oleg committed Feb 4, 2017
1 parent 649f50e commit 00e2d4f
Showing 2 changed files with 8 additions and 1 deletion.
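--- a/launch_entry.go
+++ b/launch_entry.go
@@ -137,7 +137,7 @@ func NewWebSearchEntry(q string) *LaunchEntry {
 Type: WebSearchEntry,
 Icon: Config.WebSearch.Icon,
 Name: q,
-MarkupName: fmt.Sprintf("Search for: <b>%v</b>", q),
+MarkupName: fmt.Sprintf("Search for: <b>%v</b>", EscapeHTML(q)),
 TabName: q,
 Cmdline: "xdg-open " + fmt.Sprintf(Config.WebSearch.Engine, url.QueryEscape(q)),
 }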
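Review bot: Only `MarkupName` is escaped in this literal; `Name` and `TabName` still receive the raw `q`, and nothing in the hunk records that those two are rendered as plain text. If either is ever passed to a markup-parsing widget, the same markup injection from the search box comes back, so I would add a comment above the field, e.g. `// MarkupName is the only field parsed as markup; Name and TabName must stay plain text`, and a small test that builds an entry from a query such as `a<b>&c` and checks the escaped `MarkupName`. How the fields are consumed is inferred, since `NewWebSearchEntry` starts before the hunk and the code that renders them is not shown.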
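--- a/util.go
+++ b/util.go
@@ -18,6 +18,13 @@ func EscapeAmpersand(s string) string {
 return strings.Replace(s, "&", "&amp;", -1)
 }
 
+func EscapeHTML(s string) string {
+s = strings.Replace(s, "&", "&amp;", -1)
+s = strings.Replace(s, "<", "&lt;", -1)
+s = strings.Replace(s, ">", "&gt;", -1)
+return s
+}
+
 func ExpandEnvVars(query string) string {
 matches := EnvVarRegexp.FindAllStringSubmatch(query, -1)
 for _, match := range matches {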
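Review bot: `EscapeHTML` leaves `"` and `'` untouched, so its output is safe only as element text and not inside a quoted attribute value, yet the name reads as a general-purpose escaper and the function has no doc comment saying otherwise. Either document the limit, e.g. `// EscapeHTML escapes &, < and > for use in element text; the result is not safe inside a quoted attribute.`, or delegate to the standard library with `return html.EscapeString(s)`, which also covers both quote characters. The second option needs the `html` import and a renderer that accepts numeric character references, which this page does not show. The `&` replacement correctly runs first; that order has to be kept if the function is edited, otherwise the `&lt;` and `&gt;` it produces get double-escaped.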
