
Commit 9f4a3d89 authored by zauberstuhl's avatar zauberstuhl

HTML sanitize name and category field in locations

parent d18c675b
......@@ -25,6 +25,7 @@ import (
"fmt"
"github.com/spf13/viper"
"github.com/microcosm-cc/bluemonday"
"github.com/jinzhu/gorm"
_ "github.com/jinzhu/gorm/dialects/sqlite"
_ "github.com/jinzhu/gorm/dialects/mysql"
......@@ -79,10 +80,18 @@ func (locations Locations) LatLngJSON() template.JS {
category:"%s"
}
}],`
html := bluemonday.UGCPolicy()
for _, location := range locations {
result += fmt.Sprintf(format, location.Lat, location.Lng,
location.CreatedAt.Unix(), location.Icon,
location.Name, location.Url, location.Category)
result += fmt.Sprintf(format,
location.Lat,
location.Lng,
location.CreatedAt.Unix(),
location.Icon,
html.Sanitize(location.Name),
location.Url,
html.Sanitize(location.Category),
)
}
// trim last comma
result = strings.TrimRight(result, ",")
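Review bot: The sanitized values are still interpolated into a JavaScript object literal (the format ends with `category:"%s"`) that the function returns as template.JS, so the escaping that matters for this output context is JavaScript string escaping, not an HTML policy; an HTML policy does not neutralize backslashes or line terminators in the value, so a name or category containing a newline still produces an unterminated string literal, and since the result is typed template.JS the templating layer will not escape it either. Url and Icon are interpolated with no escaping at all, so a double quote in either field can end the string literal inside the script. Escape every interpolated string field for the JS context, e.g. `template.JSEscapeString(html.Sanitize(location.Name))` and likewise `template.JSEscapeString(location.Url)` for Url, Icon and Category; the HTML sanitization can stay as an extra layer for fields later rendered as HTML. Building the entries as a struct slice and calling json.Marshal would give the same guarantee without hand-written quoting. LatLngJSON's format string and its beginning are outside the hunk.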