mirror of
https://git.alemi.dev/guestbook.rs.git
synced 2024-11-14 12:29:19 +01:00
fix: sanitize html!!!
parent
533ec27418
commit
c959b4e18a
2 changed files with 12 additions and 1 deletions
10
src/model.rs
|
@ -18,6 +18,16 @@ pub struct Insertion {
|
||||||
pub body: String,
|
pub body: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl Insertion {
|
||||||
|
pub fn sanitize(self) -> Self {
|
||||||
|
Insertion {
|
||||||
|
author: self.author.map(|x| html_escape::encode_safe(&x).to_string()),
|
||||||
|
contact: self.contact.map(|x| html_escape::encode_safe(&x).to_string()),
|
||||||
|
body: html_escape::encode_safe(&self.body).to_string(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||||
pub enum Acknowledgement {
|
pub enum Acknowledgement {
|
||||||
Sent(String),
|
Sent(String),
|
||||||
|
|
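Review bot: `sanitize` entity-encodes `author`, `contact` and `body` on the way in, so the stored values are no longer what the visitor typed, and any consumer that escapes again at render time will show `&amp;lt;`-style artefacts. `html_escape::encode_safe` is meant for HTML text and quoted attribute values; the rendering code is not visible here, but if `contact` is ever emitted as a link target, entity encoding does not constrain the URL scheme and that field would need its own validation. The method also has no doc comment stating which output context it makes the data safe for; I would add `/// Entity-encodes every user-supplied field for HTML text / quoted-attribute output; not sufficient for URL, script or unquoted-attribute contexts.` above `pub fn sanitize`. The `Insertion` struct itself begins above the hunk.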
|
@ -40,7 +40,8 @@ impl Context {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn send_suggestion(payload: Insertion, state: SafeContext) -> Result<Redirect, String> {
|
async fn send_suggestion(unsafe_payload: Insertion, state: SafeContext) -> Result<Redirect, String> {
|
||||||
|
let payload = unsafe_payload.sanitize();
|
||||||
let mut hasher = Md5::new();
|
let mut hasher = Md5::new();
|
||||||
let id = payload.contact.clone().unwrap_or(Uuid::new_v4().to_string());
|
let id = payload.contact.clone().unwrap_or(Uuid::new_v4().to_string());
|
||||||
hasher.update(id.as_bytes());
|
hasher.update(id.as_bytes());
|
||||||
|
|
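Review bot: The `id` passed to `hasher.update` is now taken from the sanitized `payload.contact`, so a contact containing any character that `encode_safe` rewrites (for example `&`, `<`, `>` or quotes) hashes to a different digest than the same contact did before this commit. If the digest identifies or groups entries by contact (its use lies below the hunk and is not visible), derive it from the raw value instead: place `let id = unsafe_payload.contact.clone().unwrap_or(Uuid::new_v4().to_string());` before `let payload = unsafe_payload.sanitize();`. The hasher only consumes bytes, so it does not need the escaped form. `send_suggestion` continues past the end of the hunk.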