diff --git a/server.js b/server.js
index e753227..f03a844 100644
--- a/server.js
+++ b/server.js
@@ -3,7 +3,7 @@ const app = express()
const port = 3000
var fs = require('fs')
var path = require('path')
-const { bufferFile, wc, head } = require('./utils')
+const { bufferFile, wc, head, escape } = require('./utils')
app.engine('cosmic', function (filePath, options, callback) {
fs.readFile(filePath, function (err, content) {
@@ -31,7 +31,7 @@ app.get('/', async function (req, res) {
let link = split[1]
link = link.replace(/\.txt$/, '.html')
let name = split[0].substr(1)
- content += '' + lines + ' >> ' + name + '\n'
+ content += '' + lines + ' >> ' + escape(name) + '\n'
lines--
}
res.render('index', { intro: intro, recent: content })
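Review bot: Only `name` is passed through `escape()` in this loop, while `link` is derived from the same `split` of the listing line and is left as-is. The concatenation as shown does not use `link`, so this may be an artefact of how the page was rendered, but if `link` is interpolated into an `href` attribute it needs the same treatment, e.g. `escape(link)`, plus a check that it is a relative path and not a `javascript:` or other scheme. The same applies to the `/log` hunk at -46 and the `/ships/*` hunk at -96. The loop body starts outside the hunk.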
@@ -46,7 +46,7 @@ app.get('/log', async function (req, res) {
let link = split[1]
link = link.replace(/\.txt$/, '.html')
let name = split[0].substr(1)
- content += '' + String(lines).padStart(3, '0') + ' >> ' + name + '\n'
+ content += '' + String(lines).padStart(3, '0') + ' >> ' + escape(name) + '\n'
lines--
}
const back = '<< BACK TO COSMIC VOYAGE'
@@ -78,7 +78,7 @@ app.get('/ships', async function (req, res) {
app.get('/ships/*', async function (req, res) {
const list = await head('/var/gopher/listing.gophermap')
const ship = decodeURIComponent(req.path).replace(new RegExp('/ships/', 'i'), '').replace(new RegExp('/(?:index.html)?$', 'i'), '');
- const description = bufferFile('/var/gopher/' + ship + '/.description') || ''
+ const description = escape(bufferFile('/var/gopher/' + ship + '/.description')) || ''
const license = bufferFile('/var/gopher/' + ship + '/LICENSE') || ''
var licenseLabel = ''
var licenseContent = ''
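Review bot: `escape()` now runs before the `|| ''` fallback, so a missing `.description` file reaches `text.replace` as a falsy non-string value and would throw instead of yielding an empty description. The existing `|| ''` suggests `bufferFile` can return such a value, though its body is not visible here. Moving the fallback inside fixes it: `const description = escape(bufferFile('/var/gopher/' + ship + '/.description') || '')`. `license` on the next line is read the same way but not escaped; if it is rendered as HTML further down (outside this hunk), it should be escaped too.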
@@ -96,7 +96,7 @@ app.get('/ships/*', async function (req, res) {
let link = split[1]
link = link.replace(/\.txt$/, '.html')
let name = split[0].substr(1)
- content += '' + String(list.length - i).padStart(3, '0') + ' >> ' + name + '\n'
+ content += '' + String(list.length - i).padStart(3, '0') + ' >> ' + escape(name) + '\n'
}
}
const fullUrl = 'https://cosmic.voyage' + req.originalUrl
@@ -144,7 +144,7 @@ app.get('*/LICENSE', function(req, res){
var file = path.join('/var/gopher/', decodeURIComponent(req.path));
fs.exists(file, function(exists) {
if (exists) {
- const file = bufferFile('/var/gopher/' + decodeURIComponent(req.path))
+ const file = escape(bufferFile('/var/gopher/' + decodeURIComponent(req.path)))
const back = '<< BACK TO RS001 LOG'
const content = back + '\n\n' + file
res.setHeader('content-type', 'text/html')
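Review bot: The path given to `bufferFile` is still built by concatenating `decodeURIComponent(req.path)` onto `/var/gopher/`, and nothing visible checks that the result stays inside that directory; escaping the output does not limit which file is read. I would resolve once and confine it before both the `fs.exists` check and the read: `const resolved = path.resolve('/var/gopher', '.' + decodeURIComponent(req.path))` followed by `if (!resolved.startsWith('/var/gopher/')) return res.sendStatus(404)`. `decodeURIComponent` also throws on malformed percent-encoding, so it should sit inside a `try`/`catch` that answers 400. The same pattern appears in the `app.get('*')` hunk at -176 and in the `ship` path at -78. The inner `const file` also shadows the outer `var file`; a distinct name such as `body` would read better.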
@@ -176,7 +176,7 @@ app.get('*', function(req, res){
var file = path.join('/var/gopher/', decodeURIComponent(req.path).replace(/\.html/, '.txt'));
fs.exists(file, function(exists) {
if (exists) {
- const file = bufferFile('/var/gopher/' + decodeURIComponent(req.path).replace(/\.html/, '.txt'))
+ const file = escape(bufferFile('/var/gopher/' + decodeURIComponent(req.path).replace(/\.html/, '.txt')))
const back = '<< BACK TO RS001 LOG'
const content = back + '\n\n' + file
const fullUrl = 'https://cosmic.voyage' + req.originalUrl
diff --git a/utils.js b/utils.js
index cd60a9d..a8ceff7 100644
--- a/utils.js
+++ b/utils.js
@@ -43,8 +43,13 @@ function wc (path) {
})
}
+function escape (text) {
+ return text.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''')
+}
+
module.exports = {
bufferFile: bufferFile,
head: head,
- wc: wc
+ wc: wc,
+ escape: escape
}
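Review bot: `escape()` calls `String.prototype.replace` with string patterns, which replaces only the first occurrence of each character, so any input with a second `<`, `>`, `&` or quote is still emitted unescaped and the fix is incomplete. Use global regexes (or `replaceAll`) with `&` handled first: `return String(text).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;')`. As rendered here the replacement strings are identical to the characters they replace and the last one (`'''`) is not valid JavaScript; this is presumably entity decoding by the page, but the committed file should be checked to confirm the entities are really there. Wrapping the input in `String(...)` also avoids a TypeError when a caller passes a non-string value. The name shadows the legacy global `escape`; `escapeHtml` would be clearer.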