fix: special characters in album titles

2025-01-18 01:11:33 +00:00 · 2023-12-06 05:55:50 +07:00 · 2023-12-06 05:55:50 +07:00 · d49c337dad
commit d49c337dad
parent 29eb1c9550
7 changed files with 33 additions and 56 deletions
--- a/controllers/albumsController.js
+++ b/controllers/albumsController.js
@ -452,7 +452,7 @@ self.edit = async (req, res) => {
      identifier: update.identifier
    })
  } else {
-    return res.json({ success: true, name })
+    return res.json({ success: true, name: utils.unescape(name) })
  }
 }

--- a/controllers/middlewares/NunjucksRenderer.js
+++ b/controllers/middlewares/NunjucksRenderer.js
@ -54,7 +54,8 @@ class NunjucksRenderer {
        resolve(html)
      })
    }).then(html => {
-      res.type('html').send(html)
+      res.header('Content-Type', 'text/html; charset=utf-8')
+      res.send(html)
      return html
    })
  }
--- a/controllers/utilsController.js
+++ b/controllers/utilsController.js
@ -292,56 +292,30 @@ self.extname = (filename, lower) => {
  return lower ? str.toLowerCase() : str
 }

+const escapeMap = {
+  '&': '&amp;',
+  '"': '&quot;',
+  '\'': '&#39;',
+  '<': '&lt;',
+  '>': '&gt;',
+  '\\': '&#92;'
+}
+
+const escapeRegex = /[&"'<>\\]/g
+
+const unescapeMap = Object.keys(escapeMap).reduce((ret, key) => {
+  ret[escapeMap[key]] = key
+  return ret
+}, {})
+
+const unescapeRegex = /&(amp|quot|#39|lt|gt|#92);/g
+
 self.escape = string => {
-  // MIT License
-  // Copyright(c) 2012-2013 TJ Holowaychuk
-  // Copyright(c) 2015 Andreas Lubbe
-  // Copyright(c) 2015 Tiancheng "Timothy" Gu
+  return string.replace(escapeRegex, key => escapeMap[key])
+}

-  if (!string) return string
-
-  const str = String(string)
-  const match = /["'&<>]/.exec(str)
-
-  if (!match) return str
-
-  let escape
-  let html = ''
-  let index = 0
-  let lastIndex = 0
-
-  for (index = match.index; index < str.length; index++) {
-    switch (str.charCodeAt(index)) {
-      case 34: // "
-        escape = '&quot;'
-        break
-      case 38: // &
-        escape = '&amp;'
-        break
-      case 39: // '
-        escape = '&#39;'
-        break
-      case 60: // <
-        escape = '&lt;'
-        break
-      case 62: // >
-        escape = '&gt;'
-        break
-      default:
-        continue
-    }
-
-    if (lastIndex !== index) {
-      html += str.substring(lastIndex, index)
-    }
-
-    lastIndex = index + 1
-    html += escape
-  }
-
-  return lastIndex !== index
-    ? html + str.substring(lastIndex, index)
-    : html
+self.unescape = string => {
+  return string.replace(unescapeRegex, key => unescapeMap[key])
 }

 self.stripIndents = string => {
--- a/routes/album.js
+++ b/routes/album.js
@ -23,6 +23,7 @@ routes.get('/a/:identifier', async (req, res) => {
    return errors.handleNotFound(req, res)
  }

+  album.name = utils.unescape(album.name)
  const nojs = req.query_parameters.nojs !== undefined

  let cacheid
@ -32,7 +33,8 @@ routes.get('/a/:identifier', async (req, res) => {

    const cache = utils.albumRenderStore.get(cacheid)
    if (cache) {
-      return res.type('html').send(cache)
+      res.header('Content-Type', 'text/html; charset=utf-8')
+      return res.send(cache)
    } else if (cache === null) {
      return res.render('album-notice', {
        config,
--- a/views/_layout.njk
+++ b/views/_layout.njk
@ -22,7 +22,7 @@
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">

-    <title>{{ title }}</title>
+    <title>{{ title | safe }}</title>

    {% block stylesheets %}
    <!-- Stylesheets -->
@ -33,7 +33,7 @@
    <!-- Open Graph tags -->
    <meta property="og:url" content="{{ url }}" />
    <meta property="og:type" content="website" />
-    <meta property="og:title" content="{{ title }}" />
+    <meta property="og:title" content="{{ title | safe }}" />
    <meta property="og:description" content="{{ metaDesc or globals.description }}" />
    {%- if metaImage %}
    <meta property="og:image" content="{{ metaImage }}" />
@ -48,7 +48,7 @@

    <!-- Twitter Card tags -->
    <meta name="twitter:card" content="summary_large_image">
-    <meta name="twitter:title" content="{{ title }}">
+    <meta name="twitter:title" content="{{ title | safe }}">
    <meta name="twitter:description" content="{{ metaDesc or globals.description }}">
    {%- if metaImage %}
    <meta name="twitter:image" content="{{ metaImage }}">
--- a/views/album-notice.njk
+++ b/views/album-notice.njk
@ -1,5 +1,5 @@
 {% set metaTitle %}
-{{- album.name | truncate(60, true, '…') -}}
+{{- album.name | safe | truncate(60, true, '…') -}}
 {% endset %}
 {% set metaDesc = album.description | striptags | truncate(200, true, '…') %}
 {% set metaUrl = '/' + album.url %}
--- a/views/album.njk
+++ b/views/album.njk
@ -1,5 +1,5 @@
 {% set metaTitle %}
-{{- album.name | truncate(60, true, '…') + ' – ' + files.length + ' file' + ('s' if files.length !== 1) -}}
+{{- album.name | safe | truncate(60, true, '…') }} - {{ files.length + ' file' + ('s' if files.length !== 1) -}}
 {% endset %}
 {% set metaDesc = album.description | striptags | truncate(200, true, '…') %}
 {% set metaUrl = '/' + album.url %}