From 2c4b5d75b3b3f2d87cdcca29ed422533b49155dd Mon Sep 17 00:00:00 2001
From: Steven <stevenlgtm@gmail.com>
Date: Sun, 17 Dec 2023 23:37:00 +0800
Subject: [PATCH] chore: fix html escaping

---
 server/frontend/frontend.go | 11 ++++++-----
 store/migration_history.go  | 12 ------------
 test/test.go                |  1 -
 3 files changed, 6 insertions(+), 18 deletions(-)

diff --git a/server/frontend/frontend.go b/server/frontend/frontend.go
index 76ea8920b..5791a6700 100644
--- a/server/frontend/frontend.go
+++ b/server/frontend/frontend.go
@@ -3,6 +3,7 @@ package frontend
 import (
 	"embed"
 	"fmt"
+	"html/template"
 	"io/fs"
 	"net/http"
 	"strings"
@@ -172,14 +173,14 @@ func generateMemoMetadata(memo *store.Memo, creator *store.User) string {
 	}
 
 	metadataList := []string{
-		fmt.Sprintf(`<meta name="description" content="%s" />`, description),
-		fmt.Sprintf(`<meta property="og:title" content="%s" />`, fmt.Sprintf("%s(@%s) on Memos", creator.Nickname, creator.Username)),
-		fmt.Sprintf(`<meta property="og:description" content="%s" />`, description),
+		fmt.Sprintf(`<meta name="description" content="%s" />`, template.HTMLEscapeString(description)),
+		fmt.Sprintf(`<meta property="og:title" content="%s" />`, template.HTMLEscapeString(fmt.Sprintf("%s(@%s) on Memos", creator.Nickname, creator.Username))),
+		fmt.Sprintf(`<meta property="og:description" content="%s" />`, template.HTMLEscapeString(description)),
 		fmt.Sprintf(`<meta property="og:image" content="%s" />`, "https://www.usememos.com/logo.png"),
 		`<meta property="og:type" content="website" />`,
 		// Twitter related metadata.
-		fmt.Sprintf(`<meta name="twitter:title" content="%s" />`, fmt.Sprintf("%s(@%s) on Memos", creator.Nickname, creator.Username)),
-		fmt.Sprintf(`<meta name="twitter:description" content="%s" />`, description),
+		fmt.Sprintf(`<meta name="twitter:title" content="%s" />`, template.HTMLEscapeString(fmt.Sprintf("%s(@%s) on Memos", creator.Nickname, creator.Username))),
+		fmt.Sprintf(`<meta name="twitter:description" content="%s" />`, template.HTMLEscapeString(description)),
 		fmt.Sprintf(`<meta name="twitter:image" content="%s" />`, "https://www.usememos.com/logo.png"),
 		`<meta name="twitter:card" content="summary" />`,
 	}
diff --git a/store/migration_history.go b/store/migration_history.go
index c1fb897f5..693663bef 100644
--- a/store/migration_history.go
+++ b/store/migration_history.go
@@ -1,9 +1,5 @@
 package store
 
-import (
-	"context"
-)
-
 type MigrationHistory struct {
 	Version   string
 	CreatedTs int64
@@ -15,11 +11,3 @@ type UpsertMigrationHistory struct {
 
 type FindMigrationHistory struct {
 }
-
-func (s *Store) FindMigrationHistoryList(ctx context.Context, find *FindMigrationHistory) ([]*MigrationHistory, error) {
-	return s.driver.FindMigrationHistoryList(ctx, find)
-}
-
-func (s *Store) UpsertMigrationHistory(ctx context.Context, upsert *UpsertMigrationHistory) (*MigrationHistory, error) {
-	return s.driver.UpsertMigrationHistory(ctx, upsert)
-}
diff --git a/test/test.go b/test/test.go
index 10c37e9eb..9738c1387 100644
--- a/test/test.go
+++ b/test/test.go
@@ -33,7 +33,6 @@ func GetTestingProfile(t *testing.T) *profile.Profile {
 	if driver == "sqlite" {
 		dsn = fmt.Sprintf("%s/memos_%s.db", dir, mode)
 	}
-	println("dsn", dsn, driver)
 	return &profile.Profile{
 		Mode:    mode,
 		Port:    port,