Escape URIs and titles in EPUB, closes #1849

elixir-lang · Jan 23, 2024 · c7eed84 · c7eed84
1 parent f4c71be
commit c7eed84
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 17 deletions.
diff --git a/lib/ex_doc/formatter/epub/templates.ex b/lib/ex_doc/formatter/epub/templates.ex
@@ -3,7 +3,7 @@ defmodule ExDoc.Formatter.EPUB.Templates do
 
   require EEx
 
-  import ExDoc.Utils, only: [before_closing_body_tag: 2, before_closing_head_tag: 2]
+  import ExDoc.Utils, only: [before_closing_body_tag: 2, before_closing_head_tag: 2, h: 1]
 
   alias ExDoc.Formatter.HTML
   alias ExDoc.Formatter.HTML.Templates, as: H

diff --git a/lib/ex_doc/formatter/epub/templates/content_template.eex b/lib/ex_doc/formatter/epub/templates/content_template.eex
@@ -19,12 +19,12 @@
     <item id="cover" href="title.xhtml" media-type="application/xhtml+xml" properties="scripted"/>
     <%= for {_title, extras} <- config.extras do %>
       <%= for extra <- extras do %>
-        <item id="<%= extra.id %>" href="<%= extra.id %>.xhtml" media-type="application/xhtml+xml" properties="scripted"/>
+        <item id="<%= URI.encode extra.id %>" href="<%= URI.encode extra.id %>.xhtml" media-type="application/xhtml+xml" properties="scripted"/>
       <% end %>
     <% end %>
     <%= for filter <- [:modules, :tasks] do %>
       <%= for node <- nodes[filter] do %>
-        <item id="<%= node.id %>" href="<%= node.id %>.xhtml" media-type="application/xhtml+xml" properties="scripted"/>
+        <item id="<%= URI.encode node.id %>" href="<%= URI.encode node.id %>.xhtml" media-type="application/xhtml+xml" properties="scripted"/>
       <% end %>
     <% end %>
     <%= for static_file <- static_files do %>
@@ -44,12 +44,12 @@
     <itemref idref="nav"/>
     <%= for {_title, extras} <- config.extras do %>
       <%= for extra <- extras do %>
-        <itemref idref="<%= extra.id %>"/>
+        <itemref idref="<%= URI.encode extra.id %>"/>
       <% end %>
     <% end %>
     <%= for filter <- [:modules, :tasks] do %>
       <%= for node <- nodes[filter] do %>
-        <itemref idref="<%= node.id %>"/>
+        <itemref idref="<%= URI.encode node.id %>"/>
       <% end %>
     <% end %>
   </spine>

diff --git a/lib/ex_doc/formatter/epub/templates/extra_template.eex b/lib/ex_doc/formatter/epub/templates/extra_template.eex
@@ -1,6 +1,6 @@
 <%= head_template(config, %{title: title}) %>
     <h1 id="content">
-      <%= title_content %>
+      <%=h title_content %>
     </h1>
     <%= H.link_headings(content) %>
     <%# Extra content specified by the user (e.g. custom Javascript) %>

diff --git a/lib/ex_doc/formatter/epub/templates/module_template.eex b/lib/ex_doc/formatter/epub/templates/module_template.eex
@@ -5,7 +5,7 @@
 
     <%= if deprecated = module.deprecated do %>
       <div class="deprecated">
-        This <%= module.type %> is deprecated. <%= ExDoc.Utils.h(deprecated) %>.
+        This <%= module.type %> is deprecated. <%=h deprecated %>.
       </div>
     <% end %>
 
@@ -24,7 +24,7 @@
 
     <%= for {name, nodes} <- summary, key = HTML.text_to_id(name) do %>
       <section id="<%= key %>" class="details-list">
-        <h1 class="section-heading"><%= name %></h1>
+        <h1 class="section-heading"><%=h to_string(name) %></h1>
         <div class="<%= key %>-list">
           <%= for node <- nodes, do: H.detail_template(node, module) %>
         </div>

diff --git a/lib/ex_doc/formatter/epub/templates/nav_item_template.eex b/lib/ex_doc/formatter/epub/templates/nav_item_template.eex
@@ -2,7 +2,7 @@
   <li><span><%= name %></span>
     <ol>
     <%= for node <- nodes do %>
-    <li><a href="<%= node.id %>.xhtml"><%= node.title %></a></li>
+    <li><a href="<%= URI.encode node.id %>.xhtml"><%=h node.title %></a></li>
     <% end %>
     </ol>
   </li>

diff --git a/lib/ex_doc/formatter/epub/templates/nav_template.eex b/lib/ex_doc/formatter/epub/templates/nav_template.eex
@@ -4,15 +4,15 @@
       <ol>
         <%= for {title, extras} <- config.extras do %>
           <%= if title do %>
-          <li><span><%= title %></span>
-            <ol>
+            <li><span><%=h to_string(title) %></span>
+              <ol>
           <% end %>
           <%= for extra <- extras do %>
-            <li><a href="<%= extra.id %>.xhtml"><%= extra.title %></a></li>
+              <li><a href="<%= URI.encode extra.id %>.xhtml"><%=h extra.title %></a></li>
           <% end %>
           <%= if title do %>
-            </ol>
-          </li>
+              </ol>
+            </li>
           <% end %>
         <% end %>
 

diff --git a/lib/ex_doc/formatter/epub/templates/toc_item_template.eex b/lib/ex_doc/formatter/epub/templates/toc_item_template.eex
@@ -1,8 +1,8 @@
 <%= for node <- nodes do %>
-  <navPoint id="<%= node.id %>">
+  <navPoint id="<%=URI.encode node.id %>">
     <navLabel>
-    <text><%= node.id %></text>
+    <text><%=URI.encode node.id %></text>
     </navLabel>
-    <content src="<%= node.id %>.xhtml"/>
+    <content src="<%=URI.encode node.id %>.xhtml"/>
   </navPoint>
 <% end %>