Fix error page generation (#145)

Co-authored-by: crapStone <crapstone01@gmail.com>
Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/145
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: crapStone <crapstone@noreply.codeberg.org>
Co-committed-by: crapStone <crapstone@noreply.codeberg.org>
This commit is contained in:
crapStone 2022-12-04 21:24:58 +00:00 committed by 6543
parent dcf03fc078
commit 9d769aeee7
3 changed files with 57 additions and 16 deletions

View File

@ -38,10 +38,10 @@ tool-gofumpt:
fi
test:
go test -race codeberg.org/codeberg/pages/server/...
go test -race codeberg.org/codeberg/pages/server/... codeberg.org/codeberg/pages/html/
test-run TEST:
go test -race -run "^{{TEST}}$" codeberg.org/codeberg/pages/server/...
go test -race -run "^{{TEST}}$" codeberg.org/codeberg/pages/server/... codeberg.org/codeberg/pages/html/
integration:
go test -race -tags integration codeberg.org/codeberg/pages/integration/...

View File

@ -15,16 +15,27 @@ func ReturnErrorPage(ctx *context.Context, msg string, statusCode int) {
ctx.RespWriter.Header().Set("Content-Type", "text/html; charset=utf-8")
ctx.RespWriter.WriteHeader(statusCode)
if msg == "" {
msg = errorBody(statusCode)
} else {
// TODO: use template engine
msg = strings.ReplaceAll(strings.ReplaceAll(ErrorPage, "%message%", msg), "%status%", http.StatusText(statusCode))
}
msg = generateResponse(msg, statusCode)
_, _ = ctx.RespWriter.Write([]byte(msg))
}
// TODO: use template engine
func generateResponse(msg string, statusCode int) string {
if msg == "" {
msg = strings.ReplaceAll(NotFoundPage,
"%status%",
strconv.Itoa(statusCode)+" "+errorMessage(statusCode))
} else {
msg = strings.ReplaceAll(
strings.ReplaceAll(ErrorPage, "%message%", template.HTMLEscapeString(msg)),
"%status%",
http.StatusText(statusCode))
}
return msg
}
func errorMessage(statusCode int) string {
message := http.StatusText(statusCode)
@ -37,11 +48,3 @@ func errorMessage(statusCode int) string {
return message
}
// TODO: use template engine
func errorBody(statusCode int) string {
return template.HTMLEscapeString(
strings.ReplaceAll(NotFoundPage,
"%status%",
strconv.Itoa(statusCode)+" "+errorMessage(statusCode)))
}

38
html/error_test.go Normal file
View File

@ -0,0 +1,38 @@
package html
import (
"net/http"
"strings"
"testing"
)
func TestValidMessage(t *testing.T) {
testString := "requested blacklisted path"
statusCode := http.StatusForbidden
expected := strings.ReplaceAll(
strings.ReplaceAll(ErrorPage, "%message%", testString),
"%status%",
http.StatusText(statusCode))
actual := generateResponse(testString, statusCode)
if expected != actual {
t.Errorf("generated response did not match: expected: '%s', got: '%s'", expected, actual)
}
}
func TestMessageWithHtml(t *testing.T) {
testString := `abc<img src=1 onerror=alert("xss");`
escapedString := "abc&lt;img src=1 onerror=alert(&#34;xss&#34;);"
statusCode := http.StatusNotFound
expected := strings.ReplaceAll(
strings.ReplaceAll(ErrorPage, "%message%", escapedString),
"%status%",
http.StatusText(statusCode))
actual := generateResponse(testString, statusCode)
if expected != actual {
t.Errorf("generated response did not match: expected: '%s', got: '%s'", expected, actual)
}
}