diff --git a/contact.go b/contact.go
index 8a5ce17..a56402d 100644
--- a/contact.go
+++ b/contact.go
@@ -7,10 +7,7 @@ import (
 "net/http"
 "net/smtp"
 "strconv"
- "strings"
 "time"
-
- "github.com/microcosm-cc/bluemonday"
 )
 const defaultContactPath = "/contact"
@@ -30,15 +27,14 @@ func (a *goBlog) serveContactForm(w http.ResponseWriter, r *http.Request) {
 func (a *goBlog) sendContactSubmission(w http.ResponseWriter, r *http.Request) {
 // Get form values
- strict := bluemonday.StrictPolicy()
 // Name
- formName := strings.TrimSpace(strict.Sanitize(r.FormValue("name")))
+ formName := cleanHTMLText(r.FormValue("name"))
 // Email
- formEmail := strings.TrimSpace(strict.Sanitize(r.FormValue("email")))
+ formEmail := cleanHTMLText(r.FormValue("email"))
 // Website
- formWebsite := strings.TrimSpace(strict.Sanitize(r.FormValue("website")))
+ formWebsite := cleanHTMLText(r.FormValue("website"))
 // Message
- formMessage := strings.TrimSpace(strict.Sanitize(r.FormValue("message")))
+ formMessage := cleanHTMLText(r.FormValue("message"))
 if formMessage == "" {
 a.serveError(w, r, "Message is empty", http.StatusBadRequest)
 return
diff --git a/markdown.go b/markdown.go
index b9f1d8d..52eafe6 100644
--- a/markdown.go
+++ b/markdown.go
@@ -90,7 +90,7 @@ func (a *goBlog) renderText(s string) string {
 if err != nil {
 return ""
 }
- return htmlText(h)
+ return htmlText(string(h))
 }
 func (a *goBlog) renderMdTitle(s string) string {
@@ -99,7 +99,7 @@ func (a *goBlog) renderMdTitle(s string) string {
 if err != nil {
 return ""
 }
- return htmlText(buffer.Bytes())
+ return htmlText(buffer.String())
 }
 // Extensions etc...
diff --git a/posts.go b/posts.go
index 0a8b7e1..cd9f3f2 100644
--- a/posts.go
+++ b/posts.go
@@ -12,7 +12,6 @@ import (
 "sync"
 "github.com/go-chi/chi/v5"
- "github.com/microcosm-cc/bluemonday"
 "github.com/vcraescu/go-paginator"
 )
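Review bot: cleanHTMLText is applied to formEmail and formWebsite in sendContactSubmission, but stripping HTML is not validation for an address or a URL: bluemonday's strict policy and goquery's Text() leave quotes and control characters such as CR/LF in place (the new Test_cleanHTMLText shows quotes round-tripping), so nothing in this hunk prevents a name or address containing a line break from reaching whatever builds the mail. If these values end up in SMTP headers — net/smtp is imported in this file, and the rest of sendContactSubmission is outside the hunk, so I cannot see their use — parse the address with `mail.ParseAddress(formEmail)` from net/mail and reject it on error, and reject formName when `strings.ContainsAny(formName, "\r\n")` (the strings import this commit drops would then need to come back).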
@@ -220,7 +219,7 @@ func (a *goBlog) serveIndex(w http.ResponseWriter, r *http.Request) {
 search := chi.URLParam(r, "search")
 if search != "" {
 // Decode and sanitize search
- search = htmlText([]byte(bluemonday.StrictPolicy().Sanitize(searchDecode(search))))
+ search = cleanHTMLText(searchDecode(search))
 }
 pageNoString := chi.URLParam(r, "page")
 pageNo, _ := strconv.Atoi(pageNoString)
diff --git a/search.go b/search.go
index bb761df..cbca0fc 100644
--- a/search.go
+++ b/search.go
@@ -7,8 +7,6 @@ import (
 "net/url"
 "path"
 "strings"
-
- "github.com/microcosm-cc/bluemonday"
 )
 const defaultSearchPath = "/search"
@@ -24,7 +22,7 @@ func (a *goBlog) serveSearch(w http.ResponseWriter, r *http.Request) {
 }
 if q := r.Form.Get("q"); q != "" {
 // Clean query
- q = htmlText([]byte(bluemonday.StrictPolicy().Sanitize(q)))
+ q = cleanHTMLText(q)
 // Redirect to results
 http.Redirect(w, r, path.Join(servePath, searchEncode(q)), http.StatusFound)
 return
diff --git a/utils.go b/utils.go
index 9351cf4..8fd4261 100644
--- a/utils.go
+++ b/utils.go
@@ -1,7 +1,6 @@
 package main
 import (
- "bytes"
 "crypto/sha256"
 "fmt"
 "html/template"
@@ -16,6 +15,7 @@ import (
 "github.com/PuerkitoBio/goquery"
 "github.com/araddon/dateparse"
 "github.com/c2h5oh/datasize"
+ "github.com/microcosm-cc/bluemonday"
 "github.com/thoas/go-funk"
 )
@@ -233,14 +233,18 @@ func mBytesString(size int64) string {
 return fmt.Sprintf("%.2f MB", datasize.ByteSize(size).MBytes())
 }
-func htmlText(b []byte) string {
- d, err := goquery.NewDocumentFromReader(bytes.NewReader(b))
+func htmlText(s string) string {
+ d, err := goquery.NewDocumentFromReader(strings.NewReader(s))
 if err != nil {
 return ""
 }
 return strings.TrimSpace(d.Text())
 }
+func cleanHTMLText(s string) string {
+ return htmlText(bluemonday.StrictPolicy().Sanitize(s))
+}
+
 func defaultIfEmpty(s, d string) string {
 if s != "" {
 return s
diff --git a/utils_test.go b/utils_test.go
index b9d8e8e..4f27dda 100644
--- a/utils_test.go
+++ b/utils_test.go
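Review bot: In serveIndex the emptiness test `if search != ""` runs before cleanHTMLText, so a value made only of markup is cleaned to "" and continues as an empty search; testing the cleaned value instead closes that gap. The same order appears in the serveSearch hunk of search.go (`if q := r.Form.Get("q"); q != ""` followed by `q = cleanHTMLText(q)`), where an emptied q is still redirected to `path.Join(servePath, searchEncode(""))`; `if q := cleanHTMLText(r.Form.Get("q")); q != "" {` would test what is actually used. What an empty search or an empty searchEncode argument does is outside both hunks, so the severity is inferred rather than visible.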
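Review bot: cleanHTMLText in utils.go has no doc comment, and its contract is easy to misread: bluemonday strips the markup, but goquery's Text() then decodes entities, so the result is plain text that can still contain `<`, `>` and quotes (the new test shows quotes surviving) and is not HTML-safe output. Suggest `// cleanHTMLText strips all HTML from s and returns the decoded, trimmed plain text. The result is not escaped; escape it again when rendering it as HTML.` The helper also rebuilds `bluemonday.StrictPolicy()` on every call; if the policy is safe to share between goroutines (check bluemonday's documentation), a package-level `var strictPolicy = bluemonday.StrictPolicy()` avoids that per-request work, though the call sites this commit replaces paid the same cost. A smaller point: htmlText maps a goquery parse error to "", which callers cannot tell apart from empty input.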
@@ -72,3 +72,8 @@ func Test_urlHasExt(t *testing.T) {
 assert.Equal(t, "jpg", ext)
 })
 }
+
+func Test_cleanHTMLText(t *testing.T) {
+ assert.Equal(t, `"This is a 'test'" 😁`, cleanHTMLText(`"This is a 'test'" 😁`))
+ assert.Equal(t, `Test`, cleanHTMLText(`Test`))
+}
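Review bot: Test_cleanHTMLText only covers inputs without any markup, so the sanitizing path that motivated the helper is untested. Add at least one case with a tag, `assert.Equal(t, "Test", cleanHTMLText("<b>Test</b>"))`, and one with an entity such as `assert.Equal(t, "<b>", cleanHTMLText("&lt;b&gt;"))`, which should hold if the helper decodes entities after sanitizing and would pin down that callers receive plain text rather than escaped HTML. A whitespace-only or tags-only input asserting "" would document the empty result callers must handle.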