rust
/
rust-course
mirror of https://github.com/sunface/rust-course
5
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '90d1f4bb2e'
${ noResults }
rust-course/internal/post/modify.go

76 lines
2.0 KiB
Raw Blame History

package post
import (
"fmt"
"net/http"
"github.com/labstack/echo"
"github.com/microcosm-cc/bluemonday"
"github.com/thinkindev/im.dev/internal/misc"
"github.com/thinkindev/im.dev/internal/session"
"github.com/thinkindev/im.dev/internal/utils"
)
// Preview return the new review html of article
func Preview(c echo.Context) error {
render := c.FormValue("render")
newr := modify(render)
return c.JSON(http.StatusOK, misc.HTTPResp{
Data: newr,
})
}
/* modify the post content*/
// every user input need to be modified
// @user -> <a href="UserPage">@user</a>
// remove js,iframe such html tags and attributes
func modify(s string) string {
p := bluemonday.UGCPolicy()
p.AllowAttrs("class").Globally()
p.AllowAttrs("id").Globally()
p.AllowElements("input")
p.AllowAttrs("checked").OnElements("input")
p.AllowAttrs("disabled").OnElements("input")
p.AllowAttrs("type").OnElements("input")
p.AllowAttrs("style").OnElements("span")
p.AllowAttrs("style").OnElements("td")
p.AllowAttrs("style").OnElements("th")
// The policy can then be used to sanitize lots of input and it is safe to use the policy in multiple goroutines
render := p.Sanitize(s)
afterRender := make([]rune, 0, len(render))
idParseFlag := false
tempName := make([]rune, 0)
for _, r := range render {
if r == '@' {
idParseFlag = true
afterRender = append(afterRender, r)
continue
}
if idParseFlag {
if utils.ValidNameRune(r) {
tempName = append(tempName, r)
} else {
// end flag for parse name
idParseFlag = false
// check name exist
if session.CheckUserExist(string(tempName)) {
// converse @name -> <a href="UserPage">@user</a>
afterRender = append(afterRender, []rune(fmt.Sprintf("<a href='http://localhost:9532/%s'>%s</a>", string(tempName), string(tempName)))...)
} else {
afterRender = append(afterRender, tempName...)
}
afterRender = append(afterRender, r)
}
continue
}
afterRender = append(afterRender, r)
}
return string(afterRender)
}
Reference in new issue View Git Blame Copy Permalink