add xss filter

landaiqing
2024-10-15 18:14:24 +08:00
parent 16616e3755
commit 5894bc6d95
7 changed files with 52 additions and 15 deletions


@@ -62,7 +62,12 @@ func (CommentController) CommentSubmit(c *gin.Context) {
if commentRequest.UserID == commentRequest.Author {
isAuthor = 1
}
commentContent := global.SensitiveManager.Replace(commentRequest.Content, '*')
xssFilterContent := utils.XssFilter(commentRequest.Content)
if xssFilterContent == "" {
result.FailWithMessage(ginI18n.MustGetMessage(c, "CommentSubmitFailed"), c)
return
}
commentContent := global.SensitiveManager.Replace(xssFilterContent, '*')
commentReply := model.ScaCommentReply{
Content: commentContent,
UserId: commentRequest.UserID,
@@ -131,7 +136,12 @@ func (CommentController) ReplySubmit(c *gin.Context) {
if replyCommentRequest.UserID == replyCommentRequest.Author {
isAuthor = 1
}
commentContent := global.SensitiveManager.Replace(replyCommentRequest.Content, '*')
xssFilterContent := utils.XssFilter(replyCommentRequest.Content)
if xssFilterContent == "" {
result.FailWithMessage(ginI18n.MustGetMessage(c, "CommentSubmitFailed"), c)
return
}
commentContent := global.SensitiveManager.Replace(xssFilterContent, '*')
commentReply := model.ScaCommentReply{
Content: commentContent,
UserId: replyCommentRequest.UserID,
@@ -202,7 +212,12 @@ func (CommentController) ReplyReplySubmit(c *gin.Context) {
if replyReplyRequest.UserID == replyReplyRequest.Author {
isAuthor = 1
}
commentContent := global.SensitiveManager.Replace(replyReplyRequest.Content, '*')
xssFilterContent := utils.XssFilter(replyReplyRequest.Content)
if xssFilterContent == "" {
result.FailWithMessage(ginI18n.MustGetMessage(c, "CommentSubmitFailed"), c)
return
}
commentContent := global.SensitiveManager.Replace(xssFilterContent, '*')
commentReply := model.ScaCommentReply{
Content: commentContent,
UserId: replyReplyRequest.UserID,
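Review bot: The same six-line sanitize-and-reject block is pasted into CommentSubmit, ReplySubmit and ReplyReplySubmit, so a later change to the filtering rule can easily reach only some of the three handlers. A single helper such as `func sanitizeCommentContent(raw string) (string, bool)` that calls `utils.XssFilter` and then `global.SensitiveManager.Replace` would keep them in step. The `xssFilterContent == ""` check also accepts output that is only whitespace, so `if strings.TrimSpace(xssFilterContent) == "" {` may be closer to the intent. utils.XssFilter is not shown on this page, so its policy cannot be confirmed here; because the filtered text is stored, the code that renders Content should still encode it for its output context rather than rely on this filter alone. All three handler bodies start and end outside their hunks.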


@@ -249,7 +249,7 @@ func (UserController) RefreshHandler(c *gin.Context) {
}
data, res := userService.RefreshTokenService(request.RefreshToken)
if !res {
result.FailWithMessage(ginI18n.MustGetMessage(c, "LoginExpired"), c)
result.FailWithCodeAndMessage(403, ginI18n.MustGetMessage(c, "LoginExpired"), c)
return
}
result.OkWithData(data, c)
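Review bot: The literal `403` on the new `result.FailWithCodeAndMessage` call is a magic number, and this hunk does not show whether it is an HTTP status or an application code carried in the response body. A named constant would make the intent explicit, for example `http.StatusForbidden` if it is an HTTP status. A rejected or expired refresh token is an authentication failure, so in that case `http.StatusUnauthorized` is the conventional signal for a client to log in again, with 403 kept for an authenticated caller who lacks permission; worth confirming against how the front end handles the two. RefreshHandler's body begins outside the hunk.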