site/zedshaw.games
1
0
Fork 0
Code Issues 7 Pull requests Projects Releases Packages Wiki Activity Actions

Use http_url in Validator instead of url or else people can inject JavaScript.

Browse source
This commit is contained in:
Zed A. Shaw 2025-07-11 11:11:44 -04:00
parent a3d4a3dc70
commit de24d64f44
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
data/models.go
View file

@ -14,7 +14,7 @@ type User struct {
type Link struct {
Id int `db:"id" json:"id"`
StreamId int `db:"stream_id" json:"stream_id" form:"stream_id" validate:"required,numeric"`
Url string `db:"url" json:"url" form:"url" validate:"required,url"`
Url string `db:"url" json:"url" form:"url" validate:"required,http_url"`
Description string `db:"description" json:"description" form:"description" validate:"required"`
}

4
public/register/index.html
View file

@ -32,8 +32,8 @@
<middle>
<label for="username">Username</label>
<input id="username" name="username" placeholder="Username" type="text">
<label for="email">Email</label>
<input id="email" name="email" placeholder="Email" type="text">
<label for="email">FAKE! Email</label>
<input id="email" name="email" placeholder="fake@faker.com" type="text">
<label for="password">Password</label>
<input id="password" name="password" placeholder="Password" type="password">
</middle>