Schwarztee/brass
1
0
Fork 0
Code Issues 19 Pull Requests Packages Projects 1 Releases Wiki Activity

refactor: lift clothing input rules by safely escaping

Browse Source
This commit is contained in:
Max Hohlfeld 2025-05-24 18:13:48 +02:00
parent f1a22f83aa
commit 513e8983b9
2 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
web/src/endpoints/clothing/mod.rs
View File

@ -28,14 +28,6 @@ struct ReadClothingPartialTemplate {
#[derive(Deserialize, Validate)] #[derive(Deserialize, Validate)]
struct NewOrEditClothingForm { struct NewOrEditClothingForm {
#[garde(length(min=3), custom(alphanumeric_or_space))] #[garde(length(min=3))]
name: String, name: String,
} }
fn alphanumeric_or_space(value: &str, _context: &()) -> garde::Result {
if value.chars().all(|c| c.is_alphanumeric() || c == ' ') {
return Ok(())
} else {
return Err(garde::Error::new("Eingabe enthält unerlaubte Zeichen. Erlaubt sind Buchstaben, Zahlen und Leerzeichen."));
}
}

14
web/src/filters.rs
View File

@ -29,7 +29,8 @@ where
T: Display, T: Display,
{ {
if let Some(val) = option { if let Some(val) = option {
let s = format!(r#"value="{val}""#); let escaped = escape_html(val.to_string());
let s = format!(r#"value="{escaped}""#);
return Ok(s); return Ok(s);
} }
@ -94,3 +95,14 @@ pub fn fmt_time(v: &NaiveTime, format: DateTimeFormat) -> askama::Result<String>
Ok(v.format(format_string).to_string()) Ok(v.format(format_string).to_string())
} }
fn escape_html(string: String) -> String {
let s = string
.replace('&', "&amp;")
.replace('<', "&lt;")
.replace('>', "&gt;")
.replace('"', "&quot;")
.replace('\'', "&#x27;");
s
}