escape bs in pre tags

author: colin <colin@cicadas.surf> 2024-08-11 21:26:01 -0700
committer: colin <colin@cicadas.surf> 2024-08-11 21:26:01 -0700
commit: adc2c881c77368abb8433b6a37367245d3bfbe3f (patch)
tree: 067b67ef2b6c1b7accaab82c814409dc8d8bfcf9 /pastiche.lisp
parent: 2e8c3d805690fce6d19fffb4ba024e1989c18825 (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/pastiche.lisp b/pastiche.lisp
index e5141ae..2c16af5 100644
--- a/pastiche.lisp
+++ b/pastiche.lisp
@@ -149,6 +149,20 @@ E.g. you'd put this in a file.
     "A regular expression accepting paste file names, the sort returned
 from make-paste-filename."))
 
+(defun write-escaped-char (char &optional (stream *standard-output*))
+  (case char
+    (#\< (write-string "&lt;" stream))
+    (#\> (write-string "&gt;" stream))
+    (#\& (write-string "&amp;" stream))
+    (#\' (write-string "&#39;" stream))
+    (#\" (write-string "&quot;" stream))
+    (t (write-char char stream))))
+
+(defun escape-html-in-paste-content (str)
+  (with-output-to-string (*standard-output*)
+   (loop :for char :across str
+         :do (write-escaped-char char))))
+
 (http:defendpoint get-paste
   :get :route "paste" (:id +paste-id-regex+)
   :returns "text/html"
@@ -170,7 +184,7 @@ from make-paste-filename."))
        (html:<html>
         (html:<body>
          (html:<h2> (title paste))
-         (html:<pre> content)))
+         (html:<pre> (escape-html-in-paste-content content))))
        out))))
author	colin <colin@cicadas.surf>	2024-08-11 21:26:01 -0700
committer	colin <colin@cicadas.surf>	2024-08-11 21:26:01 -0700
commit	adc2c881c77368abb8433b6a37367245d3bfbe3f (patch)
tree	067b67ef2b6c1b7accaab82c814409dc8d8bfcf9 /pastiche.lisp
parent	2e8c3d805690fce6d19fffb4ba024e1989c18825 (diff)