mirror of
https://git.alemi.dev/guestbook.rs.git
synced 2024-12-19 02:54:52 +01:00
fix: sanitize html!!!
This commit is contained in:
parent
533ec27418
commit
c959b4e18a
2 changed files with 12 additions and 1 deletions
10
src/model.rs
10
src/model.rs
|
@ -18,6 +18,16 @@ pub struct Insertion {
|
|||
pub body: String,
|
||||
}
|
||||
|
||||
impl Insertion {
|
||||
pub fn sanitize(self) -> Self {
|
||||
Insertion {
|
||||
author: self.author.map(|x| html_escape::encode_safe(&x).to_string()),
|
||||
contact: self.contact.map(|x| html_escape::encode_safe(&x).to_string()),
|
||||
body: html_escape::encode_safe(&self.body).to_string(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub enum Acknowledgement {
|
||||
Sent(String),
|
||||
|
|
|
@ -40,7 +40,8 @@ impl Context {
|
|||
}
|
||||
}
|
||||
|
||||
async fn send_suggestion(payload: Insertion, state: SafeContext) -> Result<Redirect, String> {
|
||||
async fn send_suggestion(unsafe_payload: Insertion, state: SafeContext) -> Result<Redirect, String> {
|
||||
let payload = unsafe_payload.sanitize();
|
||||
let mut hasher = Md5::new();
|
||||
let id = payload.contact.clone().unwrap_or(Uuid::new_v4().to_string());
|
||||
hasher.update(id.as_bytes());
|
||||
|
|
Loading…
Reference in a new issue