From 50309aa295ba38eb74998092850734b8c8bfa981 Mon Sep 17 00:00:00 2001
From: Jens Reidel <adrian@travitia.xyz>
Date: Sun, 7 Feb 2021 05:50:23 +0100
Subject: [PATCH] Use askama-escape for html escaping (#1953)

---
 actix-files/CHANGES.md       | 2 ++
 actix-files/Cargo.toml       | 3 ++-
 actix-files/src/directory.rs | 4 ++--
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/actix-files/CHANGES.md b/actix-files/CHANGES.md
index 9f606dfcd..8e5566b61 100644
--- a/actix-files/CHANGES.md
+++ b/actix-files/CHANGES.md
@@ -2,8 +2,10 @@
 
 ## Unreleased - 2021-xx-xx
 * Fix If-Modified-Since and If-Unmodified-Since to not compare using sub-second timestamps. [#1887]
+* Replace `v_htmlescape` with `askama_escape`. [#1953]
 
 [#1887]: https://github.com/actix/actix-web/pull/1887
+[#1953]: https://github.com/actix/actix-web/pull/1953
 
 ## 0.6.0-beta.1 - 2021-01-07
 * `HttpRange::parse` now has its own error type.
diff --git a/actix-files/Cargo.toml b/actix-files/Cargo.toml
index 3371ab060..b4317596c 100644
--- a/actix-files/Cargo.toml
+++ b/actix-files/Cargo.toml
@@ -19,6 +19,8 @@ path = "src/lib.rs"
 [dependencies]
 actix-web = { version = "4.0.0-beta.1", default-features = false }
 actix-service = "2.0.0-beta.4"
+
+askama_escape = "0.10"
 bitflags = "1"
 bytes = "1"
 futures-core = { version = "0.3.7", default-features = false }
@@ -28,7 +30,6 @@ log = "0.4"
 mime = "0.3"
 mime_guess = "2.0.1"
 percent-encoding = "2.1"
-v_htmlescape = "0.12"
 
 [dev-dependencies]
 actix-rt = "2"
diff --git a/actix-files/src/directory.rs b/actix-files/src/directory.rs
index 3717985d3..1103dd6a7 100644
--- a/actix-files/src/directory.rs
+++ b/actix-files/src/directory.rs
@@ -1,8 +1,8 @@
 use std::{fmt::Write, fs::DirEntry, io, path::Path, path::PathBuf};
 
 use actix_web::{dev::ServiceResponse, HttpRequest, HttpResponse};
+use askama_escape::{escape as escape_html_entity, Html};
 use percent_encoding::{utf8_percent_encode, CONTROLS};
-use v_htmlescape::escape as escape_html_entity;
 
 /// A directory; responds with the generated directory listing.
 #[derive(Debug)]
@@ -50,7 +50,7 @@ macro_rules! encode_file_url {
 // " -- &quot;  & -- &amp;  ' -- &#x27;  < -- &lt;  > -- &gt;  / -- &#x2f;
 macro_rules! encode_file_name {
     ($entry:ident) => {
-        escape_html_entity(&$entry.file_name().to_string_lossy())
+        escape_html_entity(&$entry.file_name().to_string_lossy(), Html)
     };
 }