Index: pkg/http_server/lib/src/virtual_directory.dart |
diff --git a/pkg/http_server/lib/src/virtual_directory.dart b/pkg/http_server/lib/src/virtual_directory.dart |
index 6eef0b4208b3811dee2e362d8612e4fd200bea9f..a5aed2466c7398eba7360df5b523d772e821a6c0 100644 |
--- a/pkg/http_server/lib/src/virtual_directory.dart |
+++ b/pkg/http_server/lib/src/virtual_directory.dart |
@@ -255,16 +255,17 @@ class VirtualDirectory { |
} |
response.headers.set(HttpHeaders.LAST_MODIFIED, stats.modified); |
- var path = request.uri.path; |
+ var path = Uri.decodeComponent(request.uri.path); |
+ var encodedPath = new HtmlEscape().convert(path); |
var header = |
'''<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
<html xmlns="http://www.w3.org/1999/xhtml"> |
<head> |
-<title>Index of $path</title> |
+<title>Index of $encodedPath</title> |
</head> |
<body> |
-<h1>Index of $path</h1> |
+<h1>Index of $encodedPath</h1> |
<table> |
<tr> |
<td>Name</td> |
@@ -286,10 +287,13 @@ $server |
void add(String name, String modified, var size) { |
if (size == null) size = "-"; |
if (modified == null) modified = ""; |
- var p = normalize(join(path, name)); |
+ var encodedLink = new HtmlEscape(HtmlEscapeMode.ATTRIBUTE) |
+ .convert(Uri.encodeComponent(normalize(join(path, name)))); |
+ var encodedName = new HtmlEscape().convert(name); |
+ |
var entry = |
''' <tr> |
- <td><a href="$p">$name</a></td> |
+ <td><a href="$encodedLink">$encodedName</a></td> |
<td>$modified</td> |
nweiz
2014/04/04 18:06:37
Escape [modified] as well. Even though it doesn't
Anders Johnsen
2014/04/07 07:03:08
Done.
|
<td style="text-align: right">$size</td> |
</tr>'''; |
@@ -331,7 +335,8 @@ $server |
return; |
} |
// Default error page. |
- var path = request.uri.path; |
+ var path = Uri.decodeComponent(request.uri.path); |
+ var encodedPath = new HtmlEscape().convert(path); |
var reason = response.reasonPhrase; |
var server = response.headers.value(HttpHeaders.SERVER); |
@@ -341,10 +346,10 @@ $server |
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
<html xmlns="http://www.w3.org/1999/xhtml"> |
<head> |
-<title>$reason: $path</title> |
+<title>$reason: $encodedPath</title> |
</head> |
<body> |
-<h1>Error $error at \'$path\': $reason</h1> |
+<h1>Error $error at \'$encodedPath\': $reason</h1> |
nweiz
2014/04/04 18:06:37
Escape [error] and [reason].
Anders Johnsen
2014/04/07 07:03:08
Done.
|
$server |
</body> |
</html>'''; |