From f05b2555117b631eba0ec55fc1ac6d4c9abb8605 Mon Sep 17 00:00:00 2001
From: f0x52 <f@0x52.eu>
Date: Tue, 13 Jul 2021 16:05:03 +0200
Subject: [PATCH] Noescape (#88)

* disable html escaping for short description

* provide noescape function for templates

* move template functions before template loading

* go fmt

* linter fixes
---
 internal/router/router.go   |  3 +++
 internal/router/template.go | 11 +++++++++++
 internal/web/base.go        |  4 ++++
 web/template/index.tmpl     |  2 +-
 4 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/internal/router/router.go b/internal/router/router.go
index a77b7071e..87a84922c 100644
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -126,6 +126,9 @@ func New(cfg *config.Config, db db.DB, logger *logrus.Logger) (Router, error) {
 		return nil, err
 	}
 
+	// set template functions
+	loadTemplateFunctions(engine)
+
 	// load templates onto the engine
 	if err := loadTemplates(cfg, engine); err != nil {
 		return nil, err
diff --git a/internal/router/template.go b/internal/router/template.go
index cd1eb11db..787ade799 100644
--- a/internal/router/template.go
+++ b/internal/router/template.go
@@ -2,6 +2,7 @@ package router
 
 import (
 	"fmt"
+	"html/template"
 	"os"
 	"path/filepath"
 
@@ -21,3 +22,13 @@ func loadTemplates(cfg *config.Config, engine *gin.Engine) error {
 	engine.LoadHTMLGlob(tmPath)
 	return nil
 }
+
+func noescape(str string) template.HTML {
+	return template.HTML(str)
+}
+
+func loadTemplateFunctions(engine *gin.Engine) {
+	engine.SetFuncMap(template.FuncMap{
+		"noescape": noescape,
+	})
+}
diff --git a/internal/web/base.go b/internal/web/base.go
index 8b2152767..9eea4a6ef 100644
--- a/internal/web/base.go
+++ b/internal/web/base.go
@@ -101,5 +101,9 @@ func (m *Module) Route(s router.Router) error {
 	// 404 handler
 	s.AttachNoRouteHandler(m.NotFoundHandler)
 
+	if err != nil {
+		return fmt.Errorf("error setting router FuncMap: %s", err)
+	}
+
 	return nil
 }
diff --git a/web/template/index.tmpl b/web/template/index.tmpl
index ba48e92ec..de84d430f 100644
--- a/web/template/index.tmpl
+++ b/web/template/index.tmpl
@@ -9,7 +9,7 @@
 
 	<h3>This is the default landing page, you can edit it from <span class="accent">./web/template/index.tmpl</span></h1>
 	<p>
-		{{.instance.ShortDescription}}
+		{{.instance.ShortDescription |noescape}}
 	</p>
 </section>