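package post

import (
	"fmt"
	"html"
	"net/http"

	"github.com/labstack/echo"
	"github.com/microcosm-cc/bluemonday"

	"github.com/thinkindev/im.dev/internal/misc"
	"github.com/thinkindev/im.dev/internal/session"
	"github.com/thinkindev/im.dev/internal/utils"
)

// ugcPolicy is the bluemonday policy applied to every piece of user-supplied
// post content. It is built once at package init: once configured, a policy is
// safe to use from multiple goroutines, so rebuilding it on every request only
// costs allocations.
var ugcPolicy = newUGCPolicy()

// newUGCPolicy extends bluemonday's UGC defaults with the attributes and
// elements the editor relies on. Every relaxation below widens what rendered
// posts may contain, so they are listed explicitly rather than buried in modify.
func newUGCPolicy() *bluemonday.Policy {
	p := bluemonday.UGCPolicy()

	// class/id on any element. User-controlled id/class values can shadow the
	// page's own anchors and CSS selectors (DOM clobbering); keep the site's
	// own ids out of the reach of post content, or narrow these with a
	// .Matching() pattern if that becomes a problem.
	p.AllowAttrs("class").Globally()
	p.AllowAttrs("id").Globally()

	// <input type checked disabled>: presumably for rendered task-list
	// checkboxes — TODO(review) confirm; if so, "type" could be restricted to
	// checkbox with .Matching().
	p.AllowElements("input")
	p.AllowAttrs("checked").OnElements("input")
	p.AllowAttrs("disabled").OnElements("input")
	p.AllowAttrs("type").OnElements("input")

	// Inline style on span/td/th. Whether the CSS inside the attribute is
	// itself filtered depends on the bluemonday version in use —
	// NOTE(review): confirm; newer releases offer AllowStyles(...) to allow
	// only named CSS properties.
	p.AllowAttrs("style").OnElements("span")
	p.AllowAttrs("style").OnElements("td")
	p.AllowAttrs("style").OnElements("th")

	return p
}

// mentionMarkup wraps a mention of an existing user. It receives the name
// twice: once for the attribute, once for the visible text.
//
// NOTE(review): the real template was lost in the copy of this file under
// review — the call passed the name twice to a bare "%s", which go vet rejects
// and which rendered as "name%!(EXTRA string=name)". The value below is a
// constructed stand-in; substitute the project's actual mention/link markup.
const mentionMarkup = `<span class="mention" data-user="%s">%s</span>`

// renderMention returns the markup for a mention of name when name is an
// existing user, or name unchanged otherwise.
//
// The result is spliced into the output AFTER bluemonday has run, so nothing
// here is re-sanitized: the template is a trusted constant and the name is
// HTML-escaped as a second line of defence. utils.ValidNameRune is expected to
// have excluded HTML-significant characters already, in which case the escape
// is a no-op. An empty name (a bare '@') is never looked up.
func renderMention(name string) string {
	if name == "" || !session.CheckUserExist(name) {
		return name
	}
	esc := html.EscapeString(name)
	return fmt.Sprintf(mentionMarkup, esc, esc)
}

// Preview returns the sanitized HTML of an article draft so the client can
// show it before publishing. The "render" form value is raw user input; it is
// passed through modify before being echoed back in misc.HTTPResp.Data.
func Preview(c echo.Context) error {
	raw := c.FormValue("render")
	return c.JSON(http.StatusOK, misc.HTTPResp{
		Data: modify(raw),
	})
}

// modify sanitizes user-supplied post content and decorates @mentions.
//
// Every piece of user input that will be rendered as HTML must pass through
// here. It first applies ugcPolicy, which strips script/iframe-style markup and
// any attribute not explicitly allowed, then scans the sanitized text and
// replaces "@name" with mention markup when name is an existing user. A name
// is the run of utils.ValidNameRune characters that follows '@'; it ends at
// the first other rune, at another '@', or at the end of the input.
func modify(s string) string {
	render := ugcPolicy.Sanitize(s)

	out := make([]rune, 0, len(render))
	var name []rune // runes of the mention currently being collected
	inMention := false

	for _, r := range render {
		switch {
		case r == '@':
			// A second '@' (e.g. "@a@b") terminates the pending mention so the
			// first name is not merged into the second one.
			if inMention {
				out = append(out, []rune(renderMention(string(name)))...)
				name = name[:0]
			}
			inMention = true
			out = append(out, r)
		case inMention && utils.ValidNameRune(r):
			name = append(name, r)
		case inMention:
			// First rune that cannot be part of a name ends the mention; the
			// collected name is reset so the next mention starts empty.
			out = append(out, []rune(renderMention(string(name)))...)
			name = name[:0]
			inMention = false
			out = append(out, r)
		default:
			out = append(out, r)
		}
	}

	// A mention at the very end of the input has no terminating rune; flush it
	// so the name is not silently dropped.
	if inMention {
		out = append(out, []rune(renderMention(string(name)))...)
	}
	return string(out)
}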