From 0e062c213a2066a19ea908b0450c2bd6795a98f2 Mon Sep 17 00:00:00 2001
From: Yasuhiro Matsumoto
Date: Tue, 13 Feb 2024 15:50:45 +0900
Subject: [PATCH] check valid shortcode
---
 package.json | 2 +-
 render_event.go | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/package.json b/package.json
index 8f1d515..abd9768 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 "devDependencies": {
 "prettier": "^3.0.3",
 "prettier-plugin-tailwindcss": "^0.5.6",
- "tailwindcss": "^3.3.5"
+ "tailwindcss": "^3.4.1"
 },
 "scripts": {
 "postinstall": "tailwind -i tailwind.css -o static/tailwind-bundle.min.css --minify"
diff --git a/render_event.go b/render_event.go
index aff9ac9..b477a66 100644
--- a/render_event.go
+++ b/render_event.go
@@ -18,6 +18,15 @@ import (
 "github.com/pelletier/go-toml"
 )
+func isValidShortcode(s string) bool {
+ for _, r := range s {
+ if !('a' <= r && r <= 'z' || 'A' <= r && r <= 'Z' || '0' <= r && r <= '9' || r == '_') {
+ return false
+ }
+ }
+ return true
+}
+
 func renderEvent(w http.ResponseWriter, r *http.Request) {
 code := r.URL.Path[1:] // hopefully a nip19 code
@@ -349,8 +358,11 @@ func renderEvent(w http.ResponseWriter, r *http.Request) {
 content := data.content
 for _, tag := range data.event.Tags.GetAll([]string{"emoji"}) {
- if len(tag) >= 3 {
- content = strings.ReplaceAll(content, ":"+tag[1]+":", ``)
+ if len(tag) >= 3 && isValidShortcode(tag[1]) {
+ u, err := url.Parse(tag[2])
+ if err == nil {
+ content = strings.ReplaceAll(content, ":"+tag[1]+":", ``)
+ }
 }
 }
 component = noteTemplate(NotePageParams{
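Review bot: `isValidShortcode` returns true for the empty string, because the `for _, r := range s` loop never runs and control falls through to `return true`. An `emoji` tag whose `tag[1]` is empty would therefore pass the new check in the later hunk, and every `::` in the note content would be replaced. Reject it up front with `if s == "" { return false }`. A doc comment such as `// isValidShortcode reports whether s is a non-empty run of ASCII letters, digits and underscores.` would also keep the accepted alphabet stated next to the check.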
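Review bot: `err == nil` from `url.Parse(tag[2])` does not validate the emoji URL, because `url.Parse` accepts relative references and any scheme, so the guard in the emoji loop still admits values that are not plain web image URLs. The replacement literal appears empty in this view (its markup was probably lost in extraction), so how `u` is used cannot be checked here. Assuming it is written into an attribute of the generated markup, tighten the condition to `if err == nil && (u.Scheme == "https" || u.Scheme == "http") && u.Host != "" {` and make sure the value is HTML-escaped where it is inserted. `renderEvent` starts and ends outside the hunk.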