commento/api/utils_sanitise.go

package main

import (
	"regexp"
	"strings"
)

var prePlusMatch = regexp.MustCompile(`([^@\+]*)\+?(.*)@.*`)
var periodsMatch = regexp.MustCompile(`[\.]`)
var postAtMatch = regexp.MustCompile(`[^@]*(@.*)`)

func emailStrip(email string) string {
	postAt := postAtMatch.ReplaceAllString(email, `$1`)
	prePlus := prePlusMatch.ReplaceAllString(email, `$1`)
	strippedEmail := periodsMatch.ReplaceAllString(prePlus, ``) + postAt

	return strippedEmail
}

var https = regexp.MustCompile(`(https?://)`)
var domainTrail = regexp.MustCompile(`(/.*$)`)

func domainStrip(domain string) string {
	noProtocol := https.ReplaceAllString(domain, ``)
	noTrail := domainTrail.ReplaceAllString(noProtocol, ``)

	return noTrail
}

var pathMatch = regexp.MustCompile(`(https?://[^/]*)`)

func pathStrip(url string) string {
	strippedPath := pathMatch.ReplaceAllString(url, ``)

	return strippedPath
}

var httpsUrl = regexp.MustCompile(`^https?://`)

func isHttpsUrl(in string) bool {
	// Admittedly, this isn't the greatest URL checker. But it does what we need.
	// I don't care if the user gives an invalid URL, I just want to make sure
	// they don't do any XSS shenanigans. Hopefully, enforcing a https?:// prefix
	// solves this. If this function returns false, prefix with "http://"
	return len(httpsUrl.FindAllString(in, -1)) != 0
}

func addHttpIfAbsent(in string) string {
	if !strings.HasPrefix(in, "http://") && !strings.HasPrefix(in, "https://") {
		return "http://" + in
	}

	return in
}
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`package main`

			`import (`
			`"regexp"`
config.go: add http prefix to ORIGIN and CDN_PREFIX 2018-08-13 01:08:48 +08:00			`"strings"`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`)`

			var prePlusMatch = regexp.MustCompile(`([^@\+])\+?(.)@.*`)
			var periodsMatch = regexp.MustCompile(`[\.]`)
			var postAtMatch = regexp.MustCompile(`[^@](@.)`)

api: standardise strip fn names 2018-07-24 15:00:45 +08:00			`func emailStrip(email string) string {`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			postAt := postAtMatch.ReplaceAllString(email, `$1`)
			prePlus := prePlusMatch.ReplaceAllString(email, `$1`)
			strippedEmail := periodsMatch.ReplaceAllString(prePlus, ``) + postAt

			`return strippedEmail`
			`}`

			var https = regexp.MustCompile(`(https?://)`)
utils_sanitise.go: strip protocol before trailer Fixes https://gitlab.com/commento/commento/issues/176 2019-11-21 17:09:21 +08:00			var domainTrail = regexp.MustCompile(`(/.*$)`)
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00
api: standardise strip fn names 2018-07-24 15:00:45 +08:00			`func domainStrip(domain string) string {`
utils_sanitise.go: strip protocol before trailer Fixes https://gitlab.com/commento/commento/issues/176 2019-11-21 17:09:21 +08:00			noProtocol := https.ReplaceAllString(domain, ``)
			noTrail := domainTrail.ReplaceAllString(noProtocol, ``)
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00
utils_sanitise.go: strip protocol before trailer Fixes https://gitlab.com/commento/commento/issues/176 2019-11-21 17:09:21 +08:00			`return noTrail`
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00			`}`

router_static.go: set Content-Type header 2018-06-03 22:49:36 +08:00			var pathMatch = regexp.MustCompile(`(https?://[^/]*)`)
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00
api: standardise strip fn names 2018-07-24 15:00:45 +08:00			`func pathStrip(url string) string {`
router_static.go: set Content-Type header 2018-06-03 22:49:36 +08:00			strippedPath := pathMatch.ReplaceAllString(url, ``)
api: Add go files I know this is a huge commit, but I can't be bothered to check this in part by part. 2018-05-27 22:40:42 +08:00
			`return strippedPath`
			`}`
api: sanitise new commenters' links 2018-06-11 01:43:18 +08:00
			var httpsUrl = regexp.MustCompile(`^https?://`)

			`func isHttpsUrl(in string) bool {`
			`// Admittedly, this isn't the greatest URL checker. But it does what we need.`
			`// I don't care if the user gives an invalid URL, I just want to make sure`
			`// they don't do any XSS shenanigans. Hopefully, enforcing a https?:// prefix`
			`// solves this. If this function returns false, prefix with "http://"`
			`return len(httpsUrl.FindAllString(in, -1)) != 0`
			`}`
config.go: add http prefix to ORIGIN and CDN_PREFIX 2018-08-13 01:08:48 +08:00
			`func addHttpIfAbsent(in string) string {`
			`if !strings.HasPrefix(in, "http://") && !strings.HasPrefix(in, "https://") {`
			`return "http://" + in`
			`}`

			`return in`
			`}`