alemi/guestbook.rs
1
0
Fork 0
mirror of https://git.alemi.dev/guestbook.rs.git synced 2024-11-12 19:39:28 +01:00
Code Issues Projects Releases Packages Wiki Activity

fix: sanitize html!!!

Browse source
This commit is contained in:
əlemi 2023-12-23 04:21:40 +01:00
parent 533ec27418
commit c959b4e18a
Signed by: alemi
GPG key ID: A4895B84D311642C
2 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/model.rs
View file

@ -18,6 +18,16 @@ pub struct Insertion {
pub body: String,
}
impl Insertion {
pub fn sanitize(self) -> Self {
Insertion {
author: self.author.map(|x| html_escape::encode_safe(&x).to_string()),
contact: self.contact.map(|x| html_escape::encode_safe(&x).to_string()),
body: html_escape::encode_safe(&self.body).to_string(),
}
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum Acknowledgement {
Sent(String),

3
src/routes.rs
View file

@ -40,7 +40,8 @@ impl Context {
}
}
async fn send_suggestion(payload: Insertion, state: SafeContext) -> Result<Redirect, String> {
async fn send_suggestion(unsafe_payload: Insertion, state: SafeContext) -> Result<Redirect, String> {
let payload = unsafe_payload.sanitize();
let mut hasher = Md5::new();
let id = payload.contact.clone().unwrap_or(Uuid::new_v4().to_string());
hasher.update(id.as_bytes());