diff --git a/src/comments.go b/src/comments.go index ab1c1dc..8304c7d 100644 --- a/src/comments.go +++ b/src/comments.go @@ -4,6 +4,7 @@ import ( "encoding/json" "log" "net/http" + "strings" "time" "github.com/prologic/bitcask" @@ -65,6 +66,15 @@ func submitCommentHandler(w http.ResponseWriter, r *http.Request) { return } + author := strings.TrimSpace(r.FormValue("author")) + content := strings.TrimSpace(r.FormValue("content")) + + // Check if author and content fields are not empty + if author == "" || content == "" { + http.Error(w, "Author and content fields must not be empty", http.StatusBadRequest) + return + } + comment := Comment{ Author: r.FormValue("author"), Content: r.FormValue("content"), diff --git a/src/main.go b/src/main.go index 9840523..b63639a 100644 --- a/src/main.go +++ b/src/main.go @@ -81,6 +81,10 @@ func handler(w http.ResponseWriter, r *http.Request) { } log.Printf("Rendering file %q from path %q", filePath, r.URL.Path) + // Set the Content Security Policy + csp := "default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self';" + w.Header().Set("Content-Security-Policy", csp) + err = renderPage(w, r, localPath, filePath, commentsDB) if err != nil { log.Printf("Comment loading? %q", commentsDB.Path())