From 34e307461bca37ad9178d52d67ff6330a44a60b9 Mon Sep 17 00:00:00 2001 From: Gabriel Goller Date: Fri, 13 Sep 2024 15:10:30 +0200 Subject: [PATCH] rest-server: add custom handlebars escape fn Add a custom handlebars escape function. It's nearly identical to the default `html_escape` fn [0], but it does not escape the '='. This is needed to support base64 encoded values. [0]: https://docs.rs/handlebars/latest/handlebars/fn.html_escape.html Signed-off-by: Gabriel Goller [ TL: use full width for comment ] Signed-off-by: Thomas Lamprecht --- proxmox-rest-server/src/api_config.rs | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/proxmox-rest-server/src/api_config.rs b/proxmox-rest-server/src/api_config.rs index ddc37f22..7dbcad52 100644 --- a/proxmox-rest-server/src/api_config.rs +++ b/proxmox-rest-server/src/api_config.rs @@ -62,7 +62,7 @@ impl ApiConfig { privileged_addr: None, #[cfg(feature = "templates")] - templates: Default::default(), + templates: templates::Templates::with_escape_fn(), } } @@ -335,6 +335,31 @@ mod templates { } impl Templates { + pub fn with_escape_fn() -> Templates { + let mut registry = Handlebars::new(); + // This is the same as the default `html_escape` fn in handlebars, **but** it does not + // escape the '='. This is to preserve base64 values. + registry.register_escape_fn(|value| { + let mut output = String::new(); + for c in value.chars() { + match c { + '<' => output.push_str("<"), + '>' => output.push_str(">"), + '"' => output.push_str("""), + '&' => output.push_str("&"), + '\'' => output.push_str("'"), + '`' => output.push_str("`"), + _ => output.push(c), + } + } + output + }); + Self { + templates: RwLock::new(registry), + template_files: RwLock::new(HashMap::new()), + } + } + pub fn register

(&self, name: &str, path: P) -> Result<(), Error> where P: Into,