Rework the user object of glsa comments

Signed-off-by: Max Magorsch <arzano@gentoo.org>
author: Max Magorsch <arzano@gentoo.org> 2020-04-20 16:59:32 +0200
committer: Max Magorsch <arzano@gentoo.org> 2020-04-20 16:59:32 +0200
commit: 684f97703f97de41cccbbbefef6a3a4ba4bec898 (patch)
tree: b8076727b5e9e936688282aec9d29481ad3d76d2 /pkg/app/handler/glsa/comments.go
parent: Redo the comment escaping (diff)
download: glsamaker-684f97703f97de41cccbbbefef6a3a4ba4bec898.tar.gz
glsamaker-684f97703f97de41cccbbbefef6a3a4ba4bec898.tar.bz2
glsamaker-684f97703f97de41cccbbbefef6a3a4ba4bec898.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/pkg/app/handler/glsa/comments.go b/pkg/app/handler/glsa/comments.go
index a3afe0b..73d11c2 100644
--- a/pkg/app/handler/glsa/comments.go
+++ b/pkg/app/handler/glsa/comments.go
@@ -10,6 +10,7 @@ import (
 	"glsamaker/pkg/models/users"
 	"encoding/json"
 	"errors"
+	"html"
 	"net/http"
 	"strconv"
 	"time"
@@ -41,6 +42,15 @@ func AddComment(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	newComment.Message = html.EscapeString(newComment.Message)
+	newComment.User = &users.User{
+		Id:                      newComment.User.Id,
+		Email:                   newComment.User.Email,
+		Nick:                    newComment.User.Nick,
+		Name:                    newComment.User.Name,
+		Badge:                   newComment.User.Badge,
+	}
+
 	newCommentString, _ := json.Marshal(newComment)
 
 	w.Write(newCommentString)
author	Max Magorsch <arzano@gentoo.org>	2020-04-20 16:59:32 +0200
committer	Max Magorsch <arzano@gentoo.org>	2020-04-20 16:59:32 +0200
commit	684f97703f97de41cccbbbefef6a3a4ba4bec898 (patch)
tree	b8076727b5e9e936688282aec9d29481ad3d76d2 /pkg/app/handler/glsa/comments.go
parent	Redo the comment escaping (diff)
download	glsamaker-684f97703f97de41cccbbbefef6a3a4ba4bec898.tar.gz glsamaker-684f97703f97de41cccbbbefef6a3a4ba4bec898.tar.bz2 glsamaker-684f97703f97de41cccbbbefef6a3a4ba4bec898.zip