diff --git a/Cargo.toml b/Cargo.toml
index d4221cbcb..a2aea4fdf 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -57,6 +57,7 @@ base64 = "0.9"
 bitflags = "1.0"
 failure = "0.1.1"
 h2 = "0.1"
+htmlescape = "0.3"
 http = "^0.1.5"
 httparse = "1.2"
 log = "0.4"
diff --git a/src/fs.rs b/src/fs.rs
index 7ac0effae..f37134fec 100644
--- a/src/fs.rs
+++ b/src/fs.rs
@@ -15,6 +15,8 @@ use futures::{Async, Future, Poll, Stream};
 use futures_cpupool::{CpuFuture, CpuPool};
 use mime;
 use mime_guess::{get_mime_type, guess_mime_type};
+use percent_encoding::{utf8_percent_encode, DEFAULT_ENCODE_SET};
+use htmlescape::encode_minimal as escape_html_entity;
 use error::Error;
 use handler::{AsyncResult, Handler, Responder, RouteHandler, WrapHandler};
@@ -505,7 +507,10 @@ fn directory_listing(
 Err(_) => continue,
 };
 // show file url as relative to static path
- let file_url = format!("{}", p.to_string_lossy());
+ let file_url = utf8_percent_encode(&p.to_string_lossy(), DEFAULT_ENCODE_SET)
+ .to_string();
+ // " -- " & -- & ' -- ' < -- < > -- >
+ let file_name = escape_html_entity(&entry.file_name().to_string_lossy());
 // if file is a directory, add '/' to the end of the name
 if let Ok(metadata) = entry.metadata() {
@@ -514,14 +519,14 @@ fn directory_listing(
 body,
 "
  • {}/
  • ",
 file_url,
- entry.file_name().to_string_lossy()
+ file_name
 );
 } else {
 let _ = write!(
 body,
 "
  • {}
  • ",
 file_url,
- entry.file_name().to_string_lossy()
+ file_name
 );
 }
 } else {
diff --git a/src/lib.rs b/src/lib.rs
index 92ff13197..85df48dd9 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -103,6 +103,7 @@ extern crate lazy_static;
 extern crate futures;
 extern crate cookie;
 extern crate futures_cpupool;
+extern crate htmlescape;
 extern crate http as modhttp;
 extern crate httparse;
 extern crate language_tags;
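Review bot: In both `write!` calls of the src/fs.rs hunks, `file_url` goes into the link markup percent-encoded but not HTML-escaped, unlike `file_name`; as far as I know `DEFAULT_ENCODE_SET` leaves `&` and `'` untouched, so the value is only safe if the attribute is double-quoted, and the format string is not legible in this rendering to confirm that. Escaping the encoded URL as well removes the dependence on quoting: `let file_url = escape_html_entity(&utf8_percent_encode(&p.to_string_lossy(), DEFAULT_ENCODE_SET).to_string());`. The added comment listing the entity mappings would read better as a statement of intent, e.g. `// file names are untrusted: HTML-escape the label, percent-encode the link target`. `directory_listing` begins and ends outside these hunks, so other values it interpolates are not visible here; a test that lists a directory holding a name with `<`, `"` and `&` would cover both the link and the label.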