We use cookies to ensure you get the best experience on our website
Home Explore Help
Sign In
mirror
/
golang-fave
mirror of https://github.com/vladimirok5959/golang-fave.git
2
0
Fork 0
Files Wiki
Browse Source

EscapeString for form input value

Vova Tkach 6 years ago
parent
512718ba84
commit
9b27aed69b
1 changed files with 6 additions and 6 deletions
Unified View Show Diff Stats
  1. 6 6
      engine/backend/modules/modules.go

+ 6 - 6
engine/backend/modules/modules.go
View File 

@@ -294,7 +294,7 @@ func (this *Module) data_form(data []dataFormField) string {
 
 			if field.hook != nil {
 
 			if field.hook != nil {
 
 				result += field.hook(&field)
 
 				result += field.hook(&field)
 
 			} else {
 
 			} else {
 
-				result += `<input type="hidden" name="` + field.name + `" value="` + field.value + `">`
 
+				result += `<input type="hidden" name="` + field.name + `" value="` + html.EscapeString(field.value) + `">`
 
 			}
 
 			}
 
 		}
 
 		}
 
 	}
 
 	}
 
@@ -312,13 +312,13 @@ func (this *Module) data_form(data []dataFormField) string {
 
 				result += `<div class="col-9">`
 
 				result += `<div class="col-9">`
 
 				result += `<div>`
 
 				result += `<div>`
 
 				if field.kind == dfkText {
 
 				if field.kind == dfkText {
 
-					result += `<input class="form-control" type="text" id="lbl_` + field.name + `" name="` + field.name + `" value="` + field.value + `" placeholder="` + field.placeholder + `" autocomplete="off">`
 
+					result += `<input class="form-control" type="text" id="lbl_` + field.name + `" name="` + field.name + `" value="` + html.EscapeString(field.value) + `" placeholder="` + field.placeholder + `" autocomplete="off">`
 
 				} else if field.kind == dfkEmail {
 
 				} else if field.kind == dfkEmail {
 
-					result += `<input class="form-control" type="email" id="lbl_` + field.name + `" name="` + field.name + `" value="` + field.value + `" placeholder="` + field.placeholder + `" autocomplete="off">`
 
+					result += `<input class="form-control" type="email" id="lbl_` + field.name + `" name="` + field.name + `" value="` + html.EscapeString(field.value) + `" placeholder="` + field.placeholder + `" autocomplete="off">`
 
 				} else if field.kind == dfkPassword {
 
 				} else if field.kind == dfkPassword {
 
-					result += `<input class="form-control" type="password" id="lbl_` + field.name + `" name="` + field.name + `" value="` + field.value + `" placeholder="` + field.placeholder + `" autocomplete="off">`
 
+					result += `<input class="form-control" type="password" id="lbl_` + field.name + `" name="` + field.name + `" value="` + html.EscapeString(field.value) + `" placeholder="` + field.placeholder + `" autocomplete="off">`
 
 				} else if field.kind == dfkTextArea {
 
 				} else if field.kind == dfkTextArea {
 
-					result += `<textarea class="form-control" id="lbl_` + field.name + `" name="` + field.name + `" placeholder="` + field.placeholder + `" autocomplete="off">` + field.value + `</textarea>`
 
+					result += `<textarea class="form-control" id="lbl_` + field.name + `" name="` + field.name + `" placeholder="` + field.placeholder + `" autocomplete="off">` + html.EscapeString(field.value) + `</textarea>`
 
 				}
 
 				}
 
 				result += `</div>`
 
 				result += `</div>`
 
 				if field.hint != "" {
 
 				if field.hint != "" {
 
@@ -340,7 +340,7 @@ func (this *Module) data_form(data []dataFormField) string {
 
 				result += `&nbsp;`
 
 				result += `&nbsp;`
 
 				result += `</div>`
 
 				result += `</div>`
 
 				result += `<div class="col-9">`
 
 				result += `<div class="col-9">`
 
-				result += `<button type="submit" class="btn btn-primary" data-target="` + field.target + `">` + field.value + `</button>`
 
+				result += `<button type="submit" class="btn btn-primary" data-target="` + field.target + `">` + html.EscapeString(field.value) + `</button>`
 
 				result += `</div>`
 
 				result += `</div>`
 
 				result += `</div>`
 
 				result += `</div>`
 
 			}
 
 			}