diff --git a/src/subcommand/server/templates/content.rs b/src/subcommand/server/templates/content.rs index 760d4e16f2..48cf1f32a6 100644 --- a/src/subcommand/server/templates/content.rs +++ b/src/subcommand/server/templates/content.rs @@ -9,13 +9,21 @@ impl<'a> Display for ContentHtml<'a> { fn fmt(&self, f: &mut Formatter) -> fmt::Result { match self.content { Some(Content::Text(text)) => { - write!(f, "
")?; + write!(f, "")?; text.escape(f, false)?; write!(f, "") } - Some(Content::Image) => write!(f, "", self.inscription_id), + Some(Content::Image) => write!( + f, + "", + self.inscription_id + ), Some(Content::IFrame) => { - write!(f, "", self.inscription_id) + write!( + f, + "", + self.inscription_id + ) } None => write!(f, "UNKNOWN
"), } @@ -26,6 +34,18 @@ impl<'a> Display for ContentHtml<'a> { mod tests { use super::*; + #[test] + fn unknown() { + assert_eq!( + ContentHtml { + content: None, + inscription_id: txid(1), + } + .to_string(), + "UNKNOWN
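Review bot: Only the `Content::Text` arm escapes what it writes; the `Image` and `IFrame` arms interpolate `self.inscription_id` straight into the markup, so their safety rests on that type's `Display` output never containing HTML-significant characters, and nothing in the hunk says so. I would state the invariant above those two arms, e.g. `// inscription_id renders as a fixed-format id, so it is safe to interpolate unescaped`, after confirming it against the type's `Display` impl, which is not shown here. The bare `false` in `text.escape(f, false)?` also needs a short comment naming what the flag selects. The markup inside the string literals is not legible in this view, so the iframe's attributes cannot be checked from here; if that arm embeds inscription-supplied content, the `iframe` test should pin its `sandbox` attribute. The closing braces of `fmt` lie outside the hunk.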
" + ); + } + #[test] fn text() { assert_eq!( @@ -38,6 +58,18 @@ mod tests { ); } + #[test] + fn text_is_escaped() { + assert_eq!( + ContentHtml { + content: Some(Content::Text("")), + inscription_id: txid(1), + } + .to_string(), + "<script>alert('hello!')</script>", + ); + } + #[test] fn image() { assert_eq!( @@ -46,7 +78,7 @@ mod tests { inscription_id: txid(1), } .to_string(), - "" + "" ); } @@ -58,7 +90,7 @@ mod tests { inscription_id: txid(1), } .to_string(), - "" + "" ); } } diff --git a/src/subcommand/server/templates/inscription.rs b/src/subcommand/server/templates/inscription.rs index 6b612eaeec..853789c85e 100644 --- a/src/subcommand/server/templates/inscription.rs +++ b/src/subcommand/server/templates/inscription.rs @@ -23,7 +23,7 @@ mod tests { use super::*; #[test] - fn txt_inscription() { + fn html() { pretty_assert_eq!( InscriptionHtml { genesis_height: 0, @@ -56,70 +56,4 @@ mod tests { .unindent() ); } - - #[test] - fn png_inscription() { - pretty_assert_eq!( - InscriptionHtml { - genesis_height: 0, - inscription_id: InscriptionId::from_str( - "ec90757eb3b164aa43fc548faa2fa0c52025494f2c15d5ddf11260b4034ac6dc" - ) - .unwrap(), - inscription: inscription("image/png", [1; 100]), - satpoint: satpoint(1, 0), - } - .to_string(), - " -Inscription ec90757eb3b164aa43fc548faa2fa0c52025494f2c15d5ddf11260b4034ac6dc
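Review bot: `text_is_escaped` pins a single script-tag payload, so a regression in how `escape` treats `&` or quote characters would still pass. I would add a second case whose text contains `&`, `"` and `'` and assert the exact escaped output, because the `Text` arm is the path that writes inscription text into the page. The literals in this view appear to have lost their markup and entity encoding, so the exact expected strings need to be taken from the file rather than from this page.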
- - - -
UNKNOWN
- -