Sanitize html content

Daniele Tonon
2023-05-25 21:05:58 +02:00
parent 41685aa8ea
commit f38571c8e9
3 changed files with 57 additions and 58 deletions


@@ -4,6 +4,7 @@ import (
_ "embed"
"encoding/json"
"fmt"
"html"
"net/http"
"regexp"
"strings"
@@ -161,9 +162,6 @@ func render(w http.ResponseWriter, r *http.Request) {
eventJSON, _ := json.MarshalIndent(event, "", " ")
// TODO: Sanitize content
description += "\n<script>alert('TODO: Sanitize the content!')</script>"
params := map[string]any{
"createdAt": createdAt,
"clients": generateClientList(code, event),
@@ -192,6 +190,7 @@ func render(w http.ResponseWriter, r *http.Request) {
var funcMap = template.FuncMap{
"BasicFormatting": BasicFormatting,
"SanitizeString": html.EscapeString,
}
var tmpl = template.Must(template.New("event").Funcs(funcMap).Parse(templates[typ]))
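Review bot: The new `"SanitizeString": html.EscapeString` entry in `funcMap` only protects values that a template explicitly pipes through it, and `html.EscapeString` is only adequate for HTML text and quoted attribute values, not for URL, script or style contexts. The import hunk does not show which `template` package is in use: if it is `text/template`, every event-derived field that is not piped through the helper still renders raw, and if it is `html/template`, piped values would be escaped twice. `BasicFormatting` presumably emits markup, so escaping has to happen before it runs rather than after. I would add a comment on the entry, `// SanitizeString escapes for HTML text and quoted attributes only; do not use for URLs, JS or CSS`, and consider `html/template` so that escaping is contextual by default. The body of `render` starts and ends outside this hunk, so how `description` is escaped once the placeholder script line is removed cannot be confirmed from here.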