update userinfo html xss

This commit is contained in:
aichy126 2023-01-16 16:27:25 +08:00
parent f2046190d6
commit 7666a89a64
4 changed files with 130 additions and 1 deletions


@ -2911,6 +2911,45 @@ const docTemplate = `{
}
}
},
"/answer/api/v1/post/render": {
"post": {
"security": [
{
"ApiKeyAuth": []
}
],
"description": "render post content",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Upload"
],
"summary": "render post content",
"parameters": [
{
"description": "PostRenderReq",
"name": "data",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/schema.PostRenderReq"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/handler.RespBody"
}
}
}
}
},
"/answer/api/v1/question": {
"put": {
"security": [
@ -6589,6 +6628,14 @@ const docTemplate = `{
}
}
},
"schema.PostRenderReq": {
"type": "object",
"properties": {
"content": {
"type": "string"
}
}
},
"schema.QuestionAdd": {
"type": "object",
"required": [


@ -2899,6 +2899,45 @@
}
}
},
"/answer/api/v1/post/render": {
"post": {
"security": [
{
"ApiKeyAuth": []
}
],
"description": "render post content",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Upload"
],
"summary": "render post content",
"parameters": [
{
"description": "PostRenderReq",
"name": "data",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/schema.PostRenderReq"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/handler.RespBody"
}
}
}
}
},
"/answer/api/v1/question": {
"put": {
"security": [
@ -6577,6 +6616,14 @@
}
}
},
"schema.PostRenderReq": {
"type": "object",
"properties": {
"content": {
"type": "string"
}
}
},
"schema.QuestionAdd": {
"type": "object",
"required": [


@ -976,6 +976,11 @@ definitions:
type:
type: string
type: object
schema.PostRenderReq:
properties:
content:
type: string
type: object
schema.QuestionAdd:
properties:
content:
@ -3684,6 +3689,30 @@ paths:
summary: user's votes
tags:
- Activity
/answer/api/v1/post/render:
post:
consumes:
- application/json
description: render post content
parameters:
- description: PostRenderReq
in: body
name: data
required: true
schema:
$ref: '#/definitions/schema.PostRenderReq'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/handler.RespBody'
security:
- ApiKeyAuth: []
summary: render post content
tags:
- Upload
/answer/api/v1/question:
delete:
consumes:


@ -22,6 +22,7 @@ import (
usercommon "github.com/answerdev/answer/internal/service/user_common"
"github.com/answerdev/answer/pkg/checker"
"github.com/google/uuid"
"github.com/microcosm-cc/bluemonday"
"github.com/segmentfault/pacman/errors"
"github.com/segmentfault/pacman/log"
"golang.org/x/crypto/bcrypt"
@ -267,12 +268,17 @@ func (us *UserService) UpdateInfo(ctx context.Context, req *schema.UpdateInfoReq
if err != nil {
return nil, errors.BadRequest(reason.UserSetAvatar).WithError(err).WithStack()
}
xss := bluemonday.UGCPolicy()
bio := xss.Sanitize(
req.BioHTML,
)
userInfo := entity.User{}
userInfo.ID = req.UserID
userInfo.Avatar = string(avatar)
userInfo.DisplayName = req.DisplayName
userInfo.Bio = req.Bio
userInfo.BioHTML = req.BioHTML
userInfo.BioHTML = bio
userInfo.Location = req.Location
userInfo.Website = req.Website
userInfo.Username = req.Username