fix(util/gpage): html.EscapeString for pagination HTML generation and URL parsing (#4079)

houseme · web-flow · commit 9ce240965988 · 2024-12-26T16:21:30.000+08:00
diff --git a/util/gpage/gpage.go b/util/gpage/gpage.go
@@ -164,7 +164,7 @@ func (p *Page) GetContent(mode int) string {
 		p.FirstPageTag = "首页"
 		p.LastPageTag = "尾页"
 		return fmt.Sprintf(
-			`%s%s<span class="current">[第%d页]</span>%s%s第%s页`,
+			`%s%s<span class="current">[第 %d 页]</span>%s%s第%s页`,
 			p.FirstPage(),
 			p.PrevPage(),
 			p.CurrentPage,
@@ -184,7 +184,7 @@ func (p *Page) GetContent(mode int) string {
 		pageStr += p.NextPage()
 		pageStr += p.LastPage()
 		pageStr += fmt.Sprintf(
-			`<span>当前页%d/%d</span> <span>共%d条</span>`,
+			`<span>当前页 %d/%d</span> <span>共 %d 条</span>`,
 			p.CurrentPage,
 			p.TotalPage,
 			p.TotalSize,
@@ -210,20 +210,24 @@ func (p *Page) GetContent(mode int) string {
 // The UrlTemplate attribute can be a URL or URI string containing the "{.page}" placeholder,
 // which will be replaced by the actual page number.
 func (p *Page) GetUrl(page int) string {
-	return gstr.Replace(p.UrlTemplate, DefaultPagePlaceHolder, gconv.String(page))
+	return html.EscapeString(gstr.Replace(p.UrlTemplate, DefaultPagePlaceHolder, gconv.String(page)))
 }
 
 // GetLink returns the HTML link tag `a` content for given page number.
 func (p *Page) GetLink(page int, text, title string) string {
+	var (
+		escapedTitle = html.EscapeString(title)
+		escapedText  = html.EscapeString(text)
+	)
 	if len(p.AjaxActionName) > 0 {
 		return fmt.Sprintf(
 			`<a class="%s" href="javascript:%s('%s')" title="%s">%s</a>`,
-			p.LinkStyle, p.AjaxActionName, p.GetUrl(page), html.EscapeString(title), text,
+			p.LinkStyle, p.AjaxActionName, p.GetUrl(page), escapedTitle, escapedText,
 		)
 	} else {
 		return fmt.Sprintf(
 			`<a class="%s" href="%s" title="%s">%s</a>`,
-			p.LinkStyle, p.GetUrl(page), html.EscapeString(title), text,
+			p.LinkStyle, p.GetUrl(page), escapedTitle, escapedText,
 		)
 	}
 }
diff --git a/util/gpage/gpage_z_unit_test.go b/util/gpage/gpage_z_unit_test.go
@@ -33,27 +33,27 @@ func Test_New(t *testing.T) {
 func Test_Basic(t *testing.T) {
 	gtest.C(t, func(t *gtest.T) {
 		page := gpage.New(9, 2, 1, `/user/list?page={.page}`)
-		t.Assert(page.NextPage(), `<a class="GPageLink" href="/user/list?page=2" title="">></a>`)
+		t.Assert(page.NextPage(), `<a class="GPageLink" href="/user/list?page=2" title="">&gt;</a>`)
 		t.Assert(page.PrevPage(), `<span class="GPageSpan"><</span>`)
 		t.Assert(page.FirstPage(), `<span class="GPageSpan">|<</span>`)
-		t.Assert(page.LastPage(), `<a class="GPageLink" href="/user/list?page=5" title="">>|</a>`)
+		t.Assert(page.LastPage(), `<a class="GPageLink" href="/user/list?page=5" title="">&gt;|</a>`)
 		t.Assert(page.PageBar(), `<span class="GPageSpan">1</span><a class="GPageLink" href="/user/list?page=2" title="2">2</a><a class="GPageLink" href="/user/list?page=3" title="3">3</a><a class="GPageLink" href="/user/list?page=4" title="4">4</a><a class="GPageLink" href="/user/list?page=5" title="5">5</a>`)
 	})
 
 	gtest.C(t, func(t *gtest.T) {
 		page := gpage.New(9, 2, 3, `/user/list?page={.page}`)
-		t.Assert(page.NextPage(), `<a class="GPageLink" href="/user/list?page=4" title="">></a>`)
-		t.Assert(page.PrevPage(), `<a class="GPageLink" href="/user/list?page=2" title=""><</a>`)
-		t.Assert(page.FirstPage(), `<a class="GPageLink" href="/user/list?page=1" title="">|<</a>`)
-		t.Assert(page.LastPage(), `<a class="GPageLink" href="/user/list?page=5" title="">>|</a>`)
+		t.Assert(page.NextPage(), `<a class="GPageLink" href="/user/list?page=4" title="">&gt;</a>`)
+		t.Assert(page.PrevPage(), `<a class="GPageLink" href="/user/list?page=2" title="">&lt;</a>`)
+		t.Assert(page.FirstPage(), `<a class="GPageLink" href="/user/list?page=1" title="">|&lt;</a>`)
+		t.Assert(page.LastPage(), `<a class="GPageLink" href="/user/list?page=5" title="">&gt;|</a>`)
 		t.Assert(page.PageBar(), `<a class="GPageLink" href="/user/list?page=1" title="1">1</a><a class="GPageLink" href="/user/list?page=2" title="2">2</a><span class="GPageSpan">3</span><a class="GPageLink" href="/user/list?page=4" title="4">4</a><a class="GPageLink" href="/user/list?page=5" title="5">5</a>`)
 	})
 
 	gtest.C(t, func(t *gtest.T) {
 		page := gpage.New(9, 2, 5, `/user/list?page={.page}`)
 		t.Assert(page.NextPage(), `<span class="GPageSpan">></span>`)
-		t.Assert(page.PrevPage(), `<a class="GPageLink" href="/user/list?page=4" title=""><</a>`)
-		t.Assert(page.FirstPage(), `<a class="GPageLink" href="/user/list?page=1" title="">|<</a>`)
+		t.Assert(page.PrevPage(), `<a class="GPageLink" href="/user/list?page=4" title="">&lt;</a>`)
+		t.Assert(page.FirstPage(), `<a class="GPageLink" href="/user/list?page=1" title="">|&lt;</a>`)
 		t.Assert(page.LastPage(), `<span class="GPageSpan">>|</span>`)
 		t.Assert(page.PageBar(), `<a class="GPageLink" href="/user/list?page=1" title="1">1</a><a class="GPageLink" href="/user/list?page=2" title="2">2</a><a class="GPageLink" href="/user/list?page=3" title="3">3</a><a class="GPageLink" href="/user/list?page=4" title="4">4</a><span class="GPageSpan">5</span>`)
 	})
@@ -82,10 +82,10 @@ func Test_CustomStyle(t *testing.T) {
 		page.LinkStyle = "MyPageLink"
 		page.SpanStyle = "MyPageSpan"
 		page.SelectStyle = "MyPageSelect"
-		t.Assert(page.NextPage(), `<a class="MyPageLink" href="/user/list/3" title="">></a>`)
-		t.Assert(page.PrevPage(), `<a class="MyPageLink" href="/user/list/1" title=""><</a>`)
-		t.Assert(page.FirstPage(), `<a class="MyPageLink" href="/user/list/1" title="">|<</a>`)
-		t.Assert(page.LastPage(), `<a class="MyPageLink" href="/user/list/5" title="">>|</a>`)
+		t.Assert(page.NextPage(), `<a class="MyPageLink" href="/user/list/3" title="">&gt;</a>`)
+		t.Assert(page.PrevPage(), `<a class="MyPageLink" href="/user/list/1" title="">&lt;</a>`)
+		t.Assert(page.FirstPage(), `<a class="MyPageLink" href="/user/list/1" title="">|&lt;</a>`)
+		t.Assert(page.LastPage(), `<a class="MyPageLink" href="/user/list/5" title="">&gt;|</a>`)
 		t.Assert(page.PageBar(), `<a class="MyPageLink" href="/user/list/1" title="1">1</a><span class="MyPageSpan">2</span><a class="MyPageLink" href="/user/list/3" title="3">3</a><a class="MyPageLink" href="/user/list/4" title="4">4</a><a class="MyPageLink" href="/user/list/5" title="5">5</a>`)
 		t.Assert(page.SelectBar(), `<select name="MyPageSelect" onchange="window.location.href=this.value"><option value="/user/list/1">1</option><option value="/user/list/2" selected>2</option><option value="/user/list/3">3</option><option value="/user/list/4">4</option><option value="/user/list/5">5</option></select>`)
 	})
@@ -95,10 +95,10 @@ func Test_Ajax(t *testing.T) {
 	gtest.C(t, func(t *gtest.T) {
 		page := gpage.New(5, 1, 2, `/user/list/{.page}`)
 		page.AjaxActionName = "LoadPage"
-		t.Assert(page.NextPage(), `<a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="">></a>`)
-		t.Assert(page.PrevPage(), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title=""><</a>`)
-		t.Assert(page.FirstPage(), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">|<</a>`)
-		t.Assert(page.LastPage(), `<a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="">>|</a>`)
+		t.Assert(page.NextPage(), `<a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="">&gt;</a>`)
+		t.Assert(page.PrevPage(), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">&lt;</a>`)
+		t.Assert(page.FirstPage(), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">|&lt;</a>`)
+		t.Assert(page.LastPage(), `<a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="">&gt;|</a>`)
 		t.Assert(page.PageBar(), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="1">1</a><span class="GPageSpan">2</span><a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="3">3</a><a class="GPageLink" href="javascript:LoadPage('/user/list/4')" title="4">4</a><a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="5">5</a>`)
 	})
 }
@@ -108,8 +108,8 @@ func Test_PredefinedContent(t *testing.T) {
 		page := gpage.New(5, 1, 2, `/user/list/{.page}`)
 		page.AjaxActionName = "LoadPage"
 		t.Assert(page.GetContent(1), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">上一页</a> <span class="current">2</span> <a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="">下一页</a>`)
-		t.Assert(page.GetContent(2), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">首页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title=""><<上一页</a><span class="current">[第2页]</span><a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="">下一页>></a><a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="">尾页</a>第<select name="GPageSelect" onchange="window.location.href=this.value"><option value="/user/list/1">1</option><option value="/user/list/2" selected>2</option><option value="/user/list/3">3</option><option value="/user/list/4">4</option><option value="/user/list/5">5</option></select>页`)
-		t.Assert(page.GetContent(3), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">首页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">上一页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="1">1</a><span class="GPageSpan">2</span><a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="3">3</a><a class="GPageLink" href="javascript:LoadPage('/user/list/4')" title="4">4</a><a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="5">5</a><a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="">下一页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="">尾页</a><span>当前页2/5</span> <span>共5条</span>`)
+		t.Assert(page.GetContent(2), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">首页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">&lt;&lt;上一页</a><span class="current">[第 2 页]</span><a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="">下一页&gt;&gt;</a><a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="">尾页</a>第<select name="GPageSelect" onchange="window.location.href=this.value"><option value="/user/list/1">1</option><option value="/user/list/2" selected>2</option><option value="/user/list/3">3</option><option value="/user/list/4">4</option><option value="/user/list/5">5</option></select>页`)
+		t.Assert(page.GetContent(3), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">首页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">上一页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="1">1</a><span class="GPageSpan">2</span><a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="3">3</a><a class="GPageLink" href="javascript:LoadPage('/user/list/4')" title="4">4</a><a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="5">5</a><a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="">下一页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="">尾页</a><span>当前页 2/5</span> <span>共 5 条</span>`)
 		t.Assert(page.GetContent(4), `<a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">首页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="">上一页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/1')" title="1">1</a><span class="GPageSpan">2</span><a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="3">3</a><a class="GPageLink" href="javascript:LoadPage('/user/list/4')" title="4">4</a><a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="5">5</a><a class="GPageLink" href="javascript:LoadPage('/user/list/3')" title="">下一页</a><a class="GPageLink" href="javascript:LoadPage('/user/list/5')" title="">尾页</a>`)
 		t.Assert(page.GetContent(5), ``)
 	})
