From ea8b9e9cce3fa26dc8cff137cdd06cc00f17e4a6 Mon Sep 17 00:00:00 2001 From: sigoden Date: Tue, 21 Jun 2022 19:23:34 +0800 Subject: [PATCH] fix: escape name contains html escape code (#65) --- assets/index.js | 32 +++++++++++++++++++++++--------- src/server.rs | 5 ++--- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/assets/index.js b/assets/index.js index df92c7c..22349ef 100644 --- a/assets/index.js +++ b/assets/index.js @@ -64,14 +64,16 @@ class Uploader { upload() { const { file, idx, name } = this; - let url = getUrl(name); + const url = getUrl(name); + const encodedUrl = encodedStr(url); + const encodedName = encodedStr(name); $uploadersTable.insertAdjacentHTML("beforeend", ` ${getSvg(file.path_type)} - ${name} + ${encodedName} `); @@ -141,12 +143,14 @@ function addBreadcrumb(href, uri_prefix) { } path += encodeURI(name); } + const encodedPath = encodedStr(path); + const encodedName = encodedStr(name); if (i === 0) { - $breadcrumb.insertAdjacentHTML("beforeend", ``); + $breadcrumb.insertAdjacentHTML("beforeend", ``); } else if (i === len - 1) { - $breadcrumb.insertAdjacentHTML("beforeend", `${name}`); + $breadcrumb.insertAdjacentHTML("beforeend", `${encodedName}`); } else { - $breadcrumb.insertAdjacentHTML("beforeend", `${name}`); + $breadcrumb.insertAdjacentHTML("beforeend", `${encodedName}`); } if (i !== len - 1) { $breadcrumb.insertAdjacentHTML("beforeend", `/`); @@ -160,28 +164,31 @@ function addBreadcrumb(href, uri_prefix) { * @param {number} index */ function addPath(file, index) { + const encodedName = encodedStr(file.name); let url = getUrl(file.name) + let encodedUrl = encodedStr(url); let actionDelete = ""; let actionDownload = ""; if (file.path_type.endsWith("Dir")) { url += "/"; + encodedUrl += "/"; actionDownload = `
- +
`; } else { actionDownload = `
- +
`; } if (DATA.allow_delete) { actionDelete = ` -
+
`; } @@ -197,7 +204,7 @@ function addPath(file, index) { ${getSvg(file.path_type)} - ${file.name} + ${encodedName} ${formatMtime(file.mtime)} ${formatSize(file.size).join(" ")} @@ -333,7 +340,14 @@ function formatPercent(precent) { } } +function encodedStr(rawStr) { + return rawStr.replace(/[\u00A0-\u9999<>\&]/g, function(i) { + return '&#'+i.charCodeAt(0)+';'; + }); +} + function ready() { + document.title = `Index of ${DATA.href} - Dufs`; $pathsTable = document.querySelector(".paths-table") $pathsTableBody = document.querySelector(".paths-table tbody"); $uploadersTable = document.querySelector(".uploaders-table"); diff --git a/src/server.rs b/src/server.rs index 06cd0f8..9417b43 100644 --- a/src/server.rs +++ b/src/server.rs @@ -692,7 +692,7 @@ impl Server { paths.sort_unstable(); let href = format!("/{}", normalize_path(path.strip_prefix(&self.args.path)?)); let data = IndexData { - href: href.clone(), + href, uri_prefix: self.args.uri_prefix.clone(), paths, allow_upload: self.args.allow_upload, @@ -705,14 +705,13 @@ impl Server { "__SLOT__", &format!( r#" -Index of {} - Dufs "#, - href, INDEX_CSS, data, INDEX_JS + INDEX_CSS, data, INDEX_JS ), ); res.headers_mut()
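Review bot: `encodedStr`, added in the `@@ -333,7 +340,14 @@` hunk, escapes `<`, `>`, `&` and the `\u00A0-\u9999` range but leaves `"` and `'` untouched, so its output is only safe as text between tags, not as an attribute value. The earlier hunks also pass URLs through it (`encodedUrl` in `upload()` and `addPath`, `encodedPath` in `addBreadcrumb`), and the markup around those interpolations is not visible in this view. If any of them sits inside a quoted attribute, the escaping there depends entirely on what `getUrl` or `encodeURI` did first, and `encodeURI` does not encode `'`. Widening the character class to `/[\u00A0-\u9999<>&"']/g` closes that gap without changing the helper's interface. A short JSDoc on `encodedStr` saying which contexts its output is meant for (element text and quoted attributes, not script or URL contexts) would keep later `insertAdjacentHTML` call sites from over-trusting it.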