authortim b <timb@camcompu.home>2010-05-29 21:15:13 -0700
committertim b <timb@camcompu.home>2010-05-29 21:15:13 -0700
commiteebc4b09ee139a232a236b46c0f5a60fcc810222 (patch)
tree2b2bbd8511cf2b2da2d0f64f31a029edce76e419
parentdd8baca6e085e4d08ea76a191a18543351caa877 (diff)
admins can post html if wrapped in safe element
-rw-r--r--src/site.clj12
-rw-r--r--static/js/pichat.js3
2 files changed, 13 insertions, 2 deletions
diff --git a/src/site.clj b/src/site.clj
index 934e02d..6430cc2 100644
--- a/src/site.clj
+++ b/src/site.clj
@@ -569,6 +569,15 @@ FROM users u
(boolean (and (re-find single-url-regex content)
(re-find pic-regex (strip-params content)))))
+;; admins can post arbitrary html if wrapped in <safe>
+;; this is temporary so that i can test generating html messages
+(defn validated-content [content session]
+ (if (.startsWith content "<safe>")
+ (if (is-vip? session)
+ (str content)
+ (str "<unsafe>" content "</unsafe>"))
+ (str content)))
+
(defn msg-db [user-id room-id content]
(let [is-image (is-image? content)
qry (str "INSERT INTO messages (user_id, room_id, content, is_image) "
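Review bot: The trust decision in `validated-content` is carried in-band: a message counts as raw HTML purely because its text starts with `<safe>`, and the `buildMsgContent` hunk in static/js/pichat.js renders anything with that prefix unescaped. That is only safe if every message that can reach a browser passed through this function; rows already stored before this commit, and any other writer not visible here, would not have. Consider recording the `is-vip?` result out of band (for example a column next to `is_image` in the INSERT below) and having the client key off that instead of the prefix. VIP content is also stored verbatim, so any VIP session can place script in every viewer's page; since the comment calls this temporary, adding `;; TODO: remove, or replace with an allowlist sanitizer` would make the intent explicit.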
@@ -588,7 +597,8 @@ FROM users u
(not nick) (resp-error "NOT_LOGGED_IN")
mute (resp-error (format-mute mute))
:else
- (let [msg-id (msg-db user-id (room :room_id) content)]
+ (let [content (validated-content content session)
+ msg-id (msg-db user-id (room :room_id) content)]
(dosync
(if (not (contains? (ensure (room :users)) nick))
(login-user (user-struct-from-session session) room))
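Review bot: `validated-content` is applied at this call site rather than inside `msg-db`, so the guarantee that non-VIP `<safe>` content gets wrapped holds only for this path. If any other caller of `msg-db` exists (none is visible in this hunk), it would store the prefix unmodified and the client would render it raw. Either pass the session into `msg-db` and validate there, or add a comment on `msg-db` such as `;; content must already have passed validated-content`. The enclosing function starts and ends outside the hunk.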
diff --git a/static/js/pichat.js b/static/js/pichat.js
index 8b088db..6046e86 100644
--- a/static/js/pichat.js
+++ b/static/js/pichat.js
@@ -169,7 +169,8 @@ function removeOldMessages(){
}
function buildMsgContent(content) {
- return linkify(escapeHtml(content));
+ if (content.substr(0,6) == "<safe>") return content.substr(6,content.length - 13)
+ else return linkify(escapeHtml(content));
}
// todo:
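Review bot: The raw-HTML branch of `buildMsgContent` tests only the first six characters and then assumes a trailing `</safe>` when it computes `content.length - 13`; the server-side check in src/site.clj does not verify the closing tag either. A message without the closing tag silently loses its last seven characters, and one shorter than 13 characters passes a negative length to `substr`. Checking both ends avoids that: `if (content.slice(0,6) == "<safe>" && content.slice(-7) == "</safe>") return content.slice(6, -7);`. The branch would also read better with braces and a terminating semicolon to match the `else` line.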