From 6eafe84f354d6c230461c057d18780c85d9ba1f2 Mon Sep 17 00:00:00 2001
From: legitnull
Date: Wed, 12 Apr 2023 17:19:10 -0600
Subject: [PATCH] added simple csp, and whitespace trim
---
 src/comments.go | 10 ++++++++++
 src/main.go | 4 ++++
 2 files changed, 14 insertions(+)
diff --git a/src/comments.go b/src/comments.go
index ab1c1dc..8304c7d 100644
--- a/src/comments.go
+++ b/src/comments.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "log"
 "net/http"
+ "strings"
 "time"
 
 "github.com/prologic/bitcask"
@@ -65,6 +66,15 @@ func submitCommentHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ author := strings.TrimSpace(r.FormValue("author"))
+ content := strings.TrimSpace(r.FormValue("content"))
+
+ // Check if author and content fields are not empty
+ if author == "" || content == "" {
+ http.Error(w, "Author and content fields must not be empty", http.StatusBadRequest)
+ return
+ }
+
 comment := Comment{
 Author: r.FormValue("author"),
 Content: r.FormValue("content"),
diff --git a/src/main.go b/src/main.go
index 9840523..b63639a 100644
--- a/src/main.go
+++ b/src/main.go
@@ -81,6 +81,10 @@ func handler(w http.ResponseWriter, r *http.Request) {
 }
 log.Printf("Rendering file %q from path %q", filePath, r.URL.Path)
 
+ // Set the Content Security Policy
+ csp := "default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self';"
+ w.Header().Set("Content-Security-Policy", csp)
+
 err = renderPage(w, r, localPath, filePath, commentsDB)
 if err != nil {
 log.Printf("Comment loading? %q", commentsDB.Path())
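Review bot: In the submitCommentHandler hunk the trimmed `author` and `content` are used only for the emptiness check, while the `Comment` literal right below still reads `r.FormValue("author")` and `r.FormValue("content")`, so surrounding whitespace is stored anyway and the trim the subject line promises never reaches the database. Use the trimmed values there: `Author: author,` and `Content: content,`. Since both fields come straight from the request body, it is also worth rejecting oversized values next to the empty check (e.g. `if len(content) > maxCommentLen { http.Error(w, "comment too long", http.StatusBadRequest); return }`) so a client cannot grow the store without bound; the actual limit is a policy choice not visible here. The rest of submitCommentHandler and the code that later renders comments lie outside the hunk, so whether the stored values are HTML-escaped on output cannot be judged from this diff.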
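Review bot: The `csp` line in the main.go hunk spells out `img-src`, `script-src` and `style-src` with the same value as `default-src`, which is redundant, while the directives that do not fall back to `default-src` — `frame-ancestors`, `base-uri` and `form-action` — are left unset, so the page can still be framed by any origin and a comment containing a `<base>` or `<form>` element could redirect or exfiltrate if such markup survives rendering (renderPage is outside the hunk, so that cannot be confirmed here). A shorter and tighter policy is `csp := "default-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'"`. The header is also set only on this render path inside `handler`, so other responses from the server (the comment endpoints, error pages written with http.Error) are presumably not covered; a small middleware that sets the header on every response before calling the next handler would be more robust. If the rendered templates rely on inline scripts or styles this policy will block them, which should be verified in a browser console before shipping. `handler` begins and ends outside the hunk.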