api: sanitise new commenters' links

This commit is contained in:
Adhityaa
2018-06-10 23:13:18 +05:30
parent 2020405e8b
commit 42a58f1d87
2 changed files with 17 additions and 0 deletions


@@ -15,6 +15,13 @@ func commenterNew(email string, name string, link string, photo string, provider
return "", errorMissingField
}
// See utils_sanitise.go's documentation on isHttpsUrl. This is not a URL
// validator, just an XSS preventor.
// TODO: reject URLs instead of malforming them.
if !isHttpsUrl(link) {
link = "https://" + link
}
if _, err := commenterGetByEmail(provider, email); err == nil {
return "", errorEmailAlreadyExists
}