From eebc4b09ee139a232a236b46c0f5a60fcc810222 Mon Sep 17 00:00:00 2001
From: tim b
Date: Sat, 29 May 2010 21:15:13 -0700
Subject: admins can post html if wrapped in safe element
---
 src/site.clj | 12 +++++++++++-
 static/js/pichat.js | 3 ++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/site.clj b/src/site.clj
index 934e02d..6430cc2 100644
--- a/src/site.clj
+++ b/src/site.clj
@@ -569,6 +569,15 @@ FROM users u
 (boolean (and (re-find single-url-regex content)
 (re-find pic-regex (strip-params content)))))
 
+;; admins can post arbitrary html if wrapped in
+;; this is temporary so that i can test generating html messages
+(defn validated-content [content session]
+ (if (.startsWith content "")
+ (if (is-vip? session)
+ (str content)
+ (str "" content ""))
+ (str content)))
+
 (defn msg-db [user-id room-id content]
 (let [is-image (is-image? content)
 qry (str "INSERT INTO messages (user_id, room_id, content, is_image) "
@@ -588,7 +597,8 @@ FROM users u
 (not nick) (resp-error "NOT_LOGGED_IN")
 mute (resp-error (format-mute mute))
 :else
- (let [msg-id (msg-db user-id (room :room_id) content)]
+ (let [content (validated-content content session)
+ msg-id (msg-db user-id (room :room_id) content)]
 (dosync
 (if (not (contains? (ensure (room :users)) nick))
 (login-user (user-struct-from-session session) room))
diff --git a/static/js/pichat.js b/static/js/pichat.js
index 8b088db..6046e86 100644
--- a/static/js/pichat.js
+++ b/static/js/pichat.js
@@ -169,7 +169,8 @@ function removeOldMessages(){
 }
 
 function buildMsgContent(content) {
- return linkify(escapeHtml(content));
+ if (content.substr(0,6) == "") return content.substr(6,content.length - 13)
+ else return linkify(escapeHtml(content));
 }
 
 // todo:
-- 
cgit v1.2.3-70-g09d2
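Review bot: `validated-content` makes the prefix of the message body the only signal that a message is trusted HTML, so the decision taken from `is-vip?` is never stored anywhere separate from user-controlled text; the `buildMsgContent` hunk in static/js/pichat.js then skips `escapeHtml` for anything carrying that prefix. Any row that reaches clients without passing through this function (older messages or another insert path, neither visible here) would be rendered unescaped, so a server-set flag stored next to `is_image` in the `INSERT` would be a safer carrier than the content itself. The `.startsWith` call will also throw if `content` is nil, and both `(str content)` branches are no-ops when it is already a string. Since the comment calls this temporary, a `;; TODO: remove once html message testing is done` line and a docstring stating that non-VIP input is re-wrapped so it no longer matches the client check would help. The string literals in this hunk appear empty on this page, so the exact markers cannot be confirmed from here.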
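Review bot: The new `let` rebinds `content`, shadowing the handler's own parameter, so from this line on the raw and the validated value share one name and a later edit can easily pick up the wrong one. A distinct binding such as `checked-content (validated-content content session)`, passed to `msg-db` and to whatever sends the message to the room, would make the data flow explicit. The rest of the `let` body lies outside the hunk, so whether every later use is meant to see the validated value cannot be confirmed from here.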
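Review bot: The new branch in `buildMsgContent` checks only the first six characters and then assumes the last seven are the closing tag, so a message that opens with the marker but does not end with it silently loses its final characters, and one shorter than 13 characters passes a negative length to `substr`. Checking both ends before unwrapping, e.g. `if (content.slice(0, OPEN.length) === OPEN && content.slice(-CLOSE.length) === CLOSE) return content.slice(OPEN.length, -CLOSE.length);` with the two markers held in named constants, removes the magic numbers 6 and 13. The returned string bypasses `escapeHtml` entirely, so this path relies wholly on the server-side check in src/site.clj; a comment above the branch saying so would warn the next editor. The `==` should be `===`, and the `if`/`else` bodies would read better with braces and a terminating semicolon on the first `return`.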