properly escape tweet content

4 years ago · e3902c3666
2 changed files with 6 additions and 3 deletions
--- a/src/twit2blogpkg/server.nim
+++ b/src/twit2blogpkg/server.nim
@ -71,7 +71,7 @@ router twitblog:
      resp htmlgen.body(
        htmlgen.a(href=fmt"/author/{author}/threads", fmt"See all of {author}'s threads"),
        htmlgen.h4(title),
-        htmlgen.ul(tweets.map((t) => htmlgen.p(htmlgen.li(t))).join(""))
+        htmlgen.ul(tweets.map((t) => htmlgen.li(t)).join(""))
      )
    else:
      chan.send(ThreadRequest(tweetID: tweetID, author: author))
--- a/src/twit2blogpkg/twitter.nim
+++ b/src/twit2blogpkg/twitter.nim
@ -1,4 +1,6 @@
 import httpClient, base64, uri, json, os, strformat, sequtils, strutils, options
+from htmlgen import nil
+from xmltree import escape

 proc buildAuthHeader() : string =
  let consumerKey = "TWITTER_CONSUMER_KEY".getEnv
@ -75,9 +77,10 @@ proc convertWords(tweet : string) : string =
        let hostname = parsedUri.hostname
        let path = parsedUri.path
        if (scheme.len > 0 and hostname.len > 0):
-          stripped &= fmt"[{scheme}://{hostname}{path}]({scheme}://{hostname}{path})"
+          let url = xmltree.escape(fmt"{scheme}://{hostname}{path}")
+          stripped &= htmlgen.a(href=url, url)
      elif word.len > 0 and word[0] != '@':
-        stripped &= word
+        stripped &= xmltree.escape(word)
      else:
        continue
  stripped.join(" ")