jlelse
/
GoBlog
mirror of https://github.com/jlelse/GoBlog
1
Fork 0
Code Packages Releases Activity

Trim spaces from comment values

This commit is contained in:
Jan-Lukas Else 2021-02-15 18:58:45 +01:00
parent 5b080e36a2
commit 478d1dcaac
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
comments.go
View File

@ -56,22 +56,18 @@ func createComment(blog, commentsPath string) func(http.ResponseWriter, *http.Re
if target == "" {
return
}
// Check comment
comment := r.FormValue("comment")
// Check and clean comment
strict := bluemonday.StrictPolicy()
comment := strings.TrimSpace(strict.Sanitize(r.FormValue("comment")))
if comment == "" {
serveError(w, r, "Comment is empty", http.StatusBadRequest)
return
}
name := r.FormValue("name")
name := strings.TrimSpace(strict.Sanitize(r.FormValue("name")))
if name == "" {
name = "Anonymous"
}
website := r.FormValue("website")
// Clean
strict := bluemonday.StrictPolicy()
name = strict.Sanitize(name)
website = strict.Sanitize(website)
comment = strict.Sanitize(comment)
website := strings.TrimSpace(strict.Sanitize(r.FormValue("website")))
// Insert
result, err := appDbExec("insert into comments (target, comment, name, website) values (@target, @comment, @name, @website)", sql.Named("target", target), sql.Named("comment", comment), sql.Named("name", name), sql.Named("website", website))
if err != nil {