fix: sanitize html!!!

əlemi 2023-12-23 04:21:40 +01:00
parent 533ec27418
commit c959b4e18a
Signed by: alemi
GPG key ID: A4895B84D311642C
2 changed files with 12 additions and 1 deletions


@ -18,6 +18,16 @@ pub struct Insertion {
pub body: String, pub body: String,
} }
impl Insertion {
pub fn sanitize(self) -> Self {
Insertion {
author: self.author.map(|x| html_escape::encode_safe(&x).to_string()),
contact: self.contact.map(|x| html_escape::encode_safe(&x).to_string()),
body: html_escape::encode_safe(&self.body).to_string(),
}
}
}
#[derive(Debug, Clone, Serialize, Deserialize)] #[derive(Debug, Clone, Serialize, Deserialize)]
pub enum Acknowledgement { pub enum Acknowledgement {
Sent(String), Sent(String),
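Review bot: `Insertion::sanitize` HTML-escapes `author`, `contact` and `body` at ingest, so the stored values are already encoded; any template or renderer that also escapes on output (the usual default) will double-encode them (`&` becomes `&amp;amp;`), and the escaped `contact` is no longer the raw value a caller could mail or compare against. A doc comment should state this contract, e.g. `/// HTML-escapes every field with html_escape::encode_safe; consumers must render the result without escaping it again.` The name also promises more than the code does: this escapes markup rather than sanitizing (stripping or validating) it, so `escape_html` would describe it better. The `Insertion` struct itself begins before the hunk.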


@ -40,7 +40,8 @@ impl Context {
} }
} }
async fn send_suggestion(payload: Insertion, state: SafeContext) -> Result<Redirect, String> { async fn send_suggestion(unsafe_payload: Insertion, state: SafeContext) -> Result<Redirect, String> {
let payload = unsafe_payload.sanitize();
let mut hasher = Md5::new(); let mut hasher = Md5::new();
let id = payload.contact.clone().unwrap_or(Uuid::new_v4().to_string()); let id = payload.contact.clone().unwrap_or(Uuid::new_v4().to_string());
hasher.update(id.as_bytes()); hasher.update(id.as_bytes());
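Review bot: `unsafe_payload` in the new `send_suggestion` signature reads like Rust's `unsafe` keyword and says nothing about what is untrusted about it; `raw_payload` would be clearer, and the sanitized binding deserves a comment, e.g. `let payload = raw_payload.sanitize(); // HTML-escaped from here on; render without escaping again`. Because sanitizing now precedes the Md5 step, the id on the following lines is derived from the escaped `contact`, so a contact containing characters such as `&` or `'` produces a different id than before this change; that is harmless if ids are never persisted or compared across versions, but worth confirming since the id's use is outside the hunk. The body of `send_suggestion` continues past the hunk.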