forked from tangled.org/core
Monorepo for Tangled — https://tangled.org

appview/knots, appview/spindles: strip protocol and @ symbol from user inputs

Signed-off-by: Evan Jarrett <evan@evanjarrett.com>

evan.jarrett.net e3ad8903 a79983a4

verified
Changed files
+21 -3
+9
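--- a/appview/knots/knots.go
+++ b/appview/knots/knots.go
@@ -6,6 +6,7 @@
 "log/slog"
 "net/http"
 "slices"
+"strings"
 "time"
 
 "github.com/go-chi/chi/v5"
@@ -145,6 +146,12 @@
 }
 
 domain := r.FormValue("domain")
+// Strip protocol, trailing slashes, and whitespace
+// Rkey cannot contain slashes
+domain = strings.TrimSpace(domain)
+domain = strings.TrimPrefix(domain, "https://")
+domain = strings.TrimPrefix(domain, "http://")
+domain = strings.TrimSuffix(domain, "/")
 if domain == "" {
 k.Pages.Notice(w, noticeId, "Incomplete form.")
 return
@@ -526,6 +533,7 @@
 }
 
 member := r.FormValue("member")
+member = strings.TrimPrefix(member, "@")
 if member == "" {
 l.Error("empty member")
 k.Pages.Notice(w, noticeId, "Failed to add member, empty form.")
@@ -626,6 +634,7 @@
 }
 
 member := r.FormValue("member")
+member = strings.TrimPrefix(member, "@")
 if member == "" {
 l.Error("empty member")
 k.Pages.Notice(w, noticeId, "Failed to remove member, empty form.")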
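Review bot: The normalization of `domain` still lets a value with a path, query or userinfo through, although the added comment says the rkey cannot contain slashes: a constructed input such as `https://knot.example/x` becomes `knot.example/x`, `HTTPS://` is not stripped because `TrimPrefix` is case-sensitive, and only a single trailing `/` is removed. After the trims, reject what is left instead of accepting it, for example `if strings.ContainsAny(domain, "/?#@ ") { k.Pages.Notice(w, noticeId, "Invalid domain."); return }`. The same block is duplicated for `instance` in appview/spindles/spindles.go, so a shared helper would keep the two in step. The enclosing handler starts and ends outside the hunk, so later validation may exist that is not visible here.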
+1 -1
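--- a/appview/pages/templates/knots/fragments/addMemberModal.html
+++ b/appview/pages/templates/knots/fragments/addMemberModal.html
@@ -34,7 +34,7 @@
 id="member-did-{{ .Id }}"
 name="member"
 required
-placeholder="@foo.bsky.social"
+placeholder="foo.bsky.social"
 />
 <div class="flex gap-2 pt-2">
 <button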
+1 -1
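--- a/appview/pages/templates/repo/settings/access.html
+++ b/appview/pages/templates/repo/settings/access.html
@@ -89,7 +89,7 @@
 id="add-collaborator"
 name="collaborator"
 required
-placeholder="@foo.bsky.social"
+placeholder="foo.bsky.social"
 />
 <div class="flex gap-2 pt-2">
 <button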
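Review bot: The placeholder for the `collaborator` input drops the `@`, but this commit adds `strings.TrimPrefix(..., "@")` only for the `member` form value in knots.go and spindles.go; no handler that reads `collaborator` is touched. If that handler does not already strip a leading `@`, users who keep typing one will presumably still get a failed lookup, so it is worth confirming or applying the same trim there.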
+1 -1
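--- a/appview/pages/templates/spindles/fragments/addMemberModal.html
+++ b/appview/pages/templates/spindles/fragments/addMemberModal.html
@@ -36,7 +36,7 @@
 id="member-did-{{ .Id }}"
 name="member"
 required
-placeholder="@foo.bsky.social"
+placeholder="foo.bsky.social"
 />
 <div class="flex gap-2 pt-2">
 <button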
+9
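--- a/appview/spindles/spindles.go
+++ b/appview/spindles/spindles.go
@@ -6,6 +6,7 @@
 "log/slog"
 "net/http"
 "slices"
+"strings"
 "time"
 
 "github.com/go-chi/chi/v5"
@@ -146,6 +147,12 @@
 }
 
 instance := r.FormValue("instance")
+// Strip protocol, trailing slashes, and whitespace
+// Rkey cannot contain slashes
+instance = strings.TrimSpace(instance)
+instance = strings.TrimPrefix(instance, "https://")
+instance = strings.TrimPrefix(instance, "http://")
+instance = strings.TrimSuffix(instance, "/")
 if instance == "" {
 s.Pages.Notice(w, noticeId, "Incomplete form.")
 return
@@ -484,6 +491,7 @@
 }
 
 member := r.FormValue("member")
+member = strings.TrimPrefix(member, "@")
 if member == "" {
 l.Error("empty member")
 s.Pages.Notice(w, noticeId, "Failed to add member, empty form.")
@@ -613,6 +621,7 @@
 }
 
 member := r.FormValue("member")
+member = strings.TrimPrefix(member, "@")
 if member == "" {
 l.Error("empty member")
 s.Pages.Notice(w, noticeId, "Failed to remove member, empty form.")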
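Review bot: `member` is stripped of a leading `@` but not of surrounding whitespace, so a pasted ` @foo.bsky.social` or `@foo.bsky.social ` reaches the rest of the handler unchanged, while `instance` in the hunk above is passed through `TrimSpace` first. `member = strings.TrimPrefix(strings.TrimSpace(member), "@")` would cover both cases. The same applies to the remove-member hunk in this file and to the two `member` hunks in appview/knots/knots.go. The handlers continue outside the hunks, so how the value is resolved afterwards is not visible here.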