fix: Improved path escaping

lib/bdfr_browser/http/plug.ex

@@ -138,7 +138,12 @@ defmodule BdfrBrowser.HTTP.Plug do
 
   defp media_path(full_path) do
     base_directory = Application.fetch_env!(:bdfr_browser, :base_directory)
-    String.replace(full_path, "#{base_directory}/", "/media/")
+
+    full_path
+    |> String.replace("#{base_directory}/", "/media/")
+    |> String.split("/")
+    |> Enum.map(fn p -> URI.encode(p, &URI.char_unreserved?/1) end)
+    |> Enum.join("/")
   end
 
   defp mime_from_ext(path) do

priv/templates/http/post.eex

@@ -27,7 +27,7 @@
           <div class="carousel-inner">
             <%= for {img, i} <-  Enum.with_index(media.images) do %>
               <div class="carousel-item <%= if i == 0, do: "active" %>">
-                <img src="<%= URI.encode(img) %>" class="d-block w-100">
+                <img src="<%= img %>" class="d-block w-100">
               </div>
             <% end %>
           </div>
@@ -48,7 +48,7 @@
         <div class="row">
           <%= for video <-  media.videos do %>
             <video controls loop>
-              <source src="<%= URI.encode(video) %>" type="video/mp4">
+              <source src="<%= video %>" type="video/mp4">
             </video>
           <% end %>
         </div>

priv/templates/http/subreddit_posts.eex

@@ -19,7 +19,7 @@
           <%= for post <- posts do %>
             <div class="card">
               <div class="card-body">
-                <h5 class="card-title"><a href="/r/<%= subreddit %>/<%= date %>/<%= URI.encode(post.filename) %>"><%= post.title %></a></h5>
+                <h5 class="card-title"><a href="/r/<%= subreddit %>/<%= date %>/<%= URI.encode(post.filename, &URI.char_unreserved?/1) %>"><%= post.title %></a></h5>
                 <h6 class="card-subtitle mb-2 text-body-secondary">
                   <%= post.num_comments %> comment(s) - <%= trunc(post.created_utc) |> DateTime.from_unix!() |> DateTime.to_iso8601() %>
                 </h6>