From 50309aa295ba38eb74998092850734b8c8bfa981 Mon Sep 17 00:00:00 2001 From: Jens Reidel Date: Sun, 7 Feb 2021 05:50:23 +0100 Subject: [PATCH] Use askama-escape for html escaping (#1953) --- actix-files/CHANGES.md | 2 ++ actix-files/Cargo.toml | 3 ++- actix-files/src/directory.rs | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/actix-files/CHANGES.md b/actix-files/CHANGES.md index 9f606dfcd..8e5566b61 100644 --- a/actix-files/CHANGES.md +++ b/actix-files/CHANGES.md @@ -2,8 +2,10 @@ ## Unreleased - 2021-xx-xx * Fix If-Modified-Since and If-Unmodified-Since to not compare using sub-second timestamps. [#1887] +* Replace `v_htmlescape` with `askama_escape`. [#1953] [#1887]: https://github.com/actix/actix-web/pull/1887 +[#1953]: https://github.com/actix/actix-web/pull/1953 ## 0.6.0-beta.1 - 2021-01-07 * `HttpRange::parse` now has its own error type. diff --git a/actix-files/Cargo.toml b/actix-files/Cargo.toml index 3371ab060..b4317596c 100644 --- a/actix-files/Cargo.toml +++ b/actix-files/Cargo.toml @@ -19,6 +19,8 @@ path = "src/lib.rs" [dependencies] actix-web = { version = "4.0.0-beta.1", default-features = false } actix-service = "2.0.0-beta.4" + +askama_escape = "0.10" bitflags = "1" bytes = "1" futures-core = { version = "0.3.7", default-features = false } @@ -28,7 +30,6 @@ log = "0.4" mime = "0.3" mime_guess = "2.0.1" percent-encoding = "2.1" -v_htmlescape = "0.12" [dev-dependencies] actix-rt = "2" diff --git a/actix-files/src/directory.rs b/actix-files/src/directory.rs index 3717985d3..1103dd6a7 100644 --- a/actix-files/src/directory.rs +++ b/actix-files/src/directory.rs 
@@ -1,8 +1,8 @@ use std::{fmt::Write, fs::DirEntry, io, path::Path, path::PathBuf}; use actix_web::{dev::ServiceResponse, HttpRequest, HttpResponse}; +use askama_escape::{escape as escape_html_entity, Html}; use percent_encoding::{utf8_percent_encode, CONTROLS}; -use v_htmlescape::escape as escape_html_entity; /// A directory; responds with the generated directory listing. #[derive(Debug)] @@ -50,7 +50,7 @@ macro_rules! encode_file_url { // " -- " & -- & ' -- ' < -- < > -- > / -- / macro_rules! encode_file_name { ($entry:ident) => { - escape_html_entity(&$entry.file_name().to_string_lossy()) + escape_html_entity(&$entry.file_name().to_string_lossy(), Html) }; }
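Review bot: Nothing in this patch checks that the new escaper still covers the characters listed in the comment above `encode_file_name!` (`"`, `&`, `'`, `<`, `>`, `/`). The diffstat touches only CHANGES.md, Cargo.toml and directory.rs, so the swap from `v_htmlescape` to `askama_escape::Html` goes in without a test. This macro is what keeps on-disk file names from being interpreted as markup in the generated listing, so I would add a test that renders a listing for an entry whose name contains those characters and asserts the entity forms appear in the response body. The `askama_escape = "0.10"` requirement in Cargo.toml accepts any 0.10.x release, so the same test would also catch a later change in the crate's escape set. A one-line comment on the macro would help too, e.g. `// Escape set is defined by askama_escape::Html; keep the table above in sync with it.`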