added simple csp, and whitespace trim

legitnull 2023-04-12 17:19:10 -06:00
parent 1a79b7beac
commit 6eafe84f35
2 changed files with 14 additions and 0 deletions


@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"log" "log"
"net/http" "net/http"
"strings"
"time" "time"
"github.com/prologic/bitcask" "github.com/prologic/bitcask"
@ -65,6 +66,15 @@ func submitCommentHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
author := strings.TrimSpace(r.FormValue("author"))
content := strings.TrimSpace(r.FormValue("content"))
// Check if author and content fields are not empty
if author == "" || content == "" {
http.Error(w, "Author and content fields must not be empty", http.StatusBadRequest)
return
}
comment := Comment{ comment := Comment{
Author: r.FormValue("author"), Author: r.FormValue("author"),
Content: r.FormValue("content"), Content: r.FormValue("content"),
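Review bot: The trimmed `author` and `content` are used only for the emptiness check; the `Comment` literal just below still reads `r.FormValue("author")` and `r.FormValue("content")`, so the stored comment keeps its leading and trailing whitespace and the value that was validated is not the value that is persisted. Use the validated locals instead: `Author: author,` and `Content: content,`. Keeping validation and storage on the same variable also means any later check on this untrusted form input (a length cap, for example, which this hunk does not add) applies to what is actually saved. submitCommentHandler starts and ends outside the hunk, so how the comment is stored and later rendered is not visible here.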


@ -81,6 +81,10 @@ func handler(w http.ResponseWriter, r *http.Request) {
} }
log.Printf("Rendering file %q from path %q", filePath, r.URL.Path) log.Printf("Rendering file %q from path %q", filePath, r.URL.Path)
// Set the Content Security Policy
csp := "default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self';"
w.Header().Set("Content-Security-Policy", csp)
err = renderPage(w, r, localPath, filePath, commentsDB) err = renderPage(w, r, localPath, filePath, commentsDB)
if err != nil { if err != nil {
log.Printf("Comment loading? %q", commentsDB.Path()) log.Printf("Comment loading? %q", commentsDB.Path())
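Review bot: The policy set before `renderPage` omits the directives that do not fall back to `default-src`, namely `base-uri`, `form-action` and `frame-ancestors`, so a `<base>` tag or form injected through rendered content, and framing of the page by another origin, are not restricted by it. The `img-src`, `script-src` and `style-src` entries repeat what `default-src 'self'` already implies, so the string could become `csp := "default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'"` (relax `frame-ancestors` if the site is meant to be embedded). The header is also set only on this path; any earlier return in `handler`, which begins outside the hunk, would presumably respond without it, so setting it at the top of the handler or in a wrapping middleware would be more uniform. The CSP is a second layer only, and the escaping done inside `renderPage` is not visible from this hunk.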