Merge pull request #2435 from noffle/use-net-url-escaping

use net/url to escape paths in web-ui

core/corehttp/gateway_indexPage.go

@@ -2,6 +2,7 @@ package corehttp
 
 import (
 	"html/template"
+	"net/url"
 	"path"
 	"strings"
 
@@ -45,6 +46,12 @@ func init() {
 		return "ipfs-" + ext[1:] // slice of the first dot
 	}
 
+	// custom template-escaping function to escape a full path, including '#' and '?'
+	urlEscape := func(rawUrl string) string {
+		pathUrl := url.URL{Path: rawUrl}
+		return pathUrl.String()
+	}
+
 	// Directory listing template
 	dirIndexBytes, err := assets.Asset(assetPath + "dir-index.html")
 	if err != nil {
@@ -53,5 +60,6 @@ func init() {
 
 	listingTemplate = template.Must(template.New("dir").Funcs(template.FuncMap{
 		"iconFromExt": iconFromExt,
+		"urlEscape":   urlEscape,
 	}).Parse(string(dirIndexBytes)))
 }

core/corehttp/gateway_test.go

@@ -261,7 +261,7 @@ func TestIPNSHostnameBacklinks(t *testing.T) {
 		t.Fatal(err)
 	}
 	dagn2.AddNodeLink("bar", dagn3)
-	dagn1.AddNodeLink("foo", dagn2)
+	dagn1.AddNodeLink("foo? #<'", dagn2)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -279,7 +279,7 @@ func TestIPNSHostnameBacklinks(t *testing.T) {
 	ns["/ipns/example.net"] = path.FromString("/ipfs/" + k.String())
 
 	// make request to directory listing
-	req, err := http.NewRequest("GET", ts.URL+"/foo/", nil)
+	req, err := http.NewRequest("GET", ts.URL+"/foo%3F%20%23%3C%27/", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -298,13 +298,13 @@ func TestIPNSHostnameBacklinks(t *testing.T) {
 	s := string(body)
 	t.Logf("body: %s\n", string(body))
 
-	if !strings.Contains(s, "Index of /foo/") {
+	if !strings.Contains(s, "Index of /foo? #&lt;&#39;/") {
 		t.Fatalf("expected a path in directory listing")
 	}
 	if !strings.Contains(s, "<a href=\"/\">") {
 		t.Fatalf("expected backlink in directory listing")
 	}
-	if !strings.Contains(s, "<a href=\"/foo/file.txt\">") {
+	if !strings.Contains(s, "<a href=\"/foo%3F%20%23%3C%27/file.txt\">") {
 		t.Fatalf("expected file in directory listing")
 	}
 
@@ -339,7 +339,7 @@ func TestIPNSHostnameBacklinks(t *testing.T) {
 	}
 
 	// make request to directory listing
-	req, err = http.NewRequest("GET", ts.URL+"/foo/bar/", nil)
+	req, err = http.NewRequest("GET", ts.URL+"/foo%3F%20%23%3C%27/bar/", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -358,13 +358,13 @@ func TestIPNSHostnameBacklinks(t *testing.T) {
 	s = string(body)
 	t.Logf("body: %s\n", string(body))
 
-	if !strings.Contains(s, "Index of /foo/bar/") {
+	if !strings.Contains(s, "Index of /foo? #&lt;&#39;/bar/") {
 		t.Fatalf("expected a path in directory listing")
 	}
-	if !strings.Contains(s, "<a href=\"/foo/\">") {
+	if !strings.Contains(s, "<a href=\"/foo%3F%20%23%3C%27/\">") {
 		t.Fatalf("expected backlink in directory listing")
 	}
-	if !strings.Contains(s, "<a href=\"/foo/bar/file.txt\">") {
+	if !strings.Contains(s, "<a href=\"/foo%3F%20%23%3C%27/bar/file.txt\">") {
 		t.Fatalf("expected file in directory listing")
 	}
 

vendor/dir-index-html-v1.0.0/README.md

@@ -0,0 +1,6 @@
+# dir-index-html
+
+directory listing html for go-ipfs gateways.
+
+![](http://gateway.ipfs.io/ipfs/Qmf82jUC9ZuoSTCNY55hyx3HmiDed3WnhFD5PC7CTSPmC2/cap.png)
+

vendor/dir-index-html-v1.0.0/dir-index-uncat.html

@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8" />
+  <!-- TODO: seed these - maybe like the starter ex or the webui? -->
+  <link rel="stylesheet" href="/ipfs/QmXB7PLRWH6bCiwrGh2MrBBjNkLv3mY3JdYXCikYZSwLED/bootstrap.min.css"/>
+  <!-- helper to construct this is here: https://github.com/cryptix/exp/blob/master/imgesToCSSData/convert.go -->
+  <link rel="stylesheet" href="/ipfs/QmXB7PLRWH6bCiwrGh2MrBBjNkLv3mY3JdYXCikYZSwLED/icons.css">
+  <style>
+  .narrow {width: 0px;}
+  .padding { margin: 100px;}
+  #header {
+    background: #000;
+  }
+  #logo {
+    height: 25px;
+    margin: 10px;
+  }
+  .ipfs-icon {
+    width:16px;
+  }
+  </style>
+  <title>{{ .Path }}</title>
+</head>
+<body>
+  <div id="header" class="row">
+    <div class="col-xs-2">
+      <div id="logo" class="ipfs-logo">&nbsp;</div>
+    </div>
+  </div>
+  <br/>
+  <div class="col-xs-12">
+    <div class="panel panel-default">
+      <div class="panel-heading">
+        <strong>Index of {{ .Path }}</strong>
+      </div>
+      <table class="table table-striped">
+        <tr>
+          <td class="narrow">
+            <div class="ipfs-icon ipfs-_blank">&nbsp;</div>
+          </td>
+          <td class="padding">
+            <a href="{{.BackLink}}">..</a>
+          </td>
+          <td></td>
+        </tr>
+        {{ range .Listing }}
+        <tr>
+          <td>
+            <div class="ipfs-icon {{iconFromExt .Name}}">&nbsp;</div>
+          </td>
+          <td>
+            <a href="{{ .Path }}">{{ .Name }}</a>
+          </td>
+          <td>{{ .Size }}</td>
+        </tr>
+      {{ end }}
+      </table>
+    </div>
+  </div>
+</body>
+</html>

vendor/dir-index-html-v1.0.0/knownIcons.txt

@@ -0,0 +1,61 @@
+.aac
+.aiff
+.ai
+.avi
+.bmp
+.c
+.cpp
+.css
+.dat
+.dmg
+.doc
+.dotx
+.dwg
+.dxf
+.eps
+.exe
+.flv
+.gif
+.h
+.hpp
+.html
+.ics
+.iso
+.java
+.jpg
+.js
+.key
+.less
+.mid
+.mp3
+.mp4
+.mpg
+.odf
+.ods
+.odt
+.otp
+.ots
+.ott
+.pdf
+.php
+.png
+.ppt
+.psd
+.py
+.qt
+.rar
+.rb
+.rtf
+.sass
+.scss
+.sql
+.tga
+.tgz
+.tiff
+.txt
+.wav
+.xls
+.xlsx
+.xml
+.yml
+.zip

vendor/dir-index-html-v1.0.0/package.json

@@ -0,0 +1,4 @@
+{
+  "name": "dir-index-html",
+  "version": "1.0.0"
+}