infrastructure/caddy-opnsense-blocker
2
Fork 0
Code Issues Activity

Fix IP details page JavaScript quoting

Browse Source
This commit is contained in:
Codex, agent ChatGPT
2026-03-12 02:23:26 +01:00
parent a82421ba3f
commit 14a711038b
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/web/handler.go
View File

@@ -601,7 +601,7 @@ const ipDetailsHTML = `<!doctype html>
.hint { font-size: .9rem; color: #94a3b8; margin-top: .75rem; }
</style>
</head>
<body>
<body data-ip="{{ .IP }}">
<header>
<div><a href="/">← Back</a></div>
<h1 class="mono">{{ .IP }}</h1>
@@ -646,7 +646,7 @@ const ipDetailsHTML = `<!doctype html>
</section>
</main>
<script>
const ip = {{ printf "%q" .IP }};
const ip = document.body.dataset.ip || '';
function escapeHtml(value) {
return String(value ?? '').replace(/[&<>"']/g, character => ({'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;'}[character]));

14
internal/web/handler_test.go
View File

@@ -77,6 +77,20 @@ func TestHandlerServesOverviewAndManualActions(t *testing.T) {
if strings.Contains(recorder.Body.String(), "Recent events") {
t.Fatalf("overview page should no longer render recent events block")
}
recorder = httptest.NewRecorder()
request = httptest.NewRequest(http.MethodGet, "/ips/203.0.113.10", nil)
handler.ServeHTTP(recorder, request)
if recorder.Code != http.StatusOK {
t.Fatalf("unexpected ip details page status: %d", recorder.Code)
}
body := recorder.Body.String()
if !strings.Contains(body, `data-ip="203.0.113.10"`) {
t.Fatalf("ip details page did not expose expected data-ip attribute: %s", body)
}
if strings.Contains(body, `const ip = "\"203.0.113.10\"";`) {
t.Fatalf("ip details page still renders a doubly quoted IP")
}
}
type stubApp struct {