fixes #362; escapes search results (#363)

ringabout · web-flow · commit 1be45761213e · 2024-03-07T08:44:43.000+01:00
* fixes #362; escapes search results * fixes comments
diff --git a/src/forum.nim b/src/forum.nim
@@ -10,7 +10,7 @@ import
   os, strutils, times, md5, strtabs, math,
   jester, asyncdispatch, asyncnet, sequtils,
   parseutils, random, rst, recaptcha, json, re, sugar,
-  strformat, logging
+  strformat, logging, xmltree
 import cgi except setCookie
 import std/options
 
@@ -1634,15 +1634,19 @@ routes:
       q, $count, $0, q
     ]
     for rowFT in fastRows(db, queryFT, data):
-      var content = rowFT[3]
-      try: content = content.rstToHtml() except EParseError: discard
+      let content = rowFT[3]
+      var outcome = ""
+      try: outcome = content.rstToHtml()
+      except EParseError:
+        warn("Could not parse rst html.")
+        outcome = xmltree.escape(content) # bug #362 escapes content
       results.add(
         SearchResult(
           kind: SearchResultKind(rowFT[^1].parseInt()),
           threadId: rowFT[0].parseInt(),
           threadTitle: rowFT[1],
           postId: rowFT[2].parseInt(),
-          postContent: content,
+          postContent: outcome,
           creation: rowFT[4].parseInt(),
           author: selectUser(rowFT[5 .. 11]),
         )
diff --git a/src/utils.nim b/src/utils.nim
@@ -1,7 +1,9 @@
-import asyncdispatch, smtp, strutils, json, os, rst, rstgen, xmltree, strtabs,
+import asyncdispatch, smtp, strutils, json, os, xmltree, strtabs,
   htmlparser, streams, parseutils, options, logging
 from times import getTime, utc, format
 
+import packages/docutils/[rst, rstgen]
+
 # Used to be:
 # {'A'..'Z', 'a'..'z', '0'..'9', '_', '\128'..'\255'}
 let
