jlelse
/
GoBlog
mirror of https://github.com/jlelse/GoBlog
1
Fork 0
Code Packages Releases Activity

Trim spaces from comment values

This commit is contained in:
Jan-Lukas Else 2021-02-15 18:58:45 +01:00
parent 5b080e36a2
commit 478d1dcaac
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
comments.go
View File

@ -56,22 +56,18 @@ func createComment(blog, commentsPath string) func(http.ResponseWriter, *http.Re
if target == "" { if target == "" {
return return
} }
// Check comment // Check and clean comment
comment := r.FormValue("comment") strict := bluemonday.StrictPolicy()
comment := strings.TrimSpace(strict.Sanitize(r.FormValue("comment")))
if comment == "" { if comment == "" {
serveError(w, r, "Comment is empty", http.StatusBadRequest) serveError(w, r, "Comment is empty", http.StatusBadRequest)
return return
} }
name := r.FormValue("name") name := strings.TrimSpace(strict.Sanitize(r.FormValue("name")))
if name == "" { if name == "" {
name = "Anonymous" name = "Anonymous"
} }
website := r.FormValue("website") website := strings.TrimSpace(strict.Sanitize(r.FormValue("website")))
// Clean
strict := bluemonday.StrictPolicy()
name = strict.Sanitize(name)
website = strict.Sanitize(website)
comment = strict.Sanitize(comment)
// Insert // Insert
result, err := appDbExec("insert into comments (target, comment, name, website) values (@target, @comment, @name, @website)", sql.Named("target", target), sql.Named("comment", comment), sql.Named("name", name), sql.Named("website", website)) result, err := appDbExec("insert into comments (target, comment, name, website) values (@target, @comment, @name, @website)", sql.Named("target", target), sql.Named("comment", comment), sql.Named("name", name), sql.Named("website", website))
if err != nil { if err != nil {