sphericalkat/katbin
1
0
Fork 0
Code Issues 5 Pull Requests 12 Actions Packages Projects Releases Wiki Activity

fix(paste): prevent \r \n characters from interfering with url redirects

Browse Source 
Signed-off-by: SphericalKat <amolele@gmail.com>
This commit is contained in:
Amogh Lele 2021-11-01 18:34:32 +05:30
parent ec4661fe44
commit 1ecb497199
No known key found for this signature in database
GPG Key ID: F0EA64BC1B44A7F3
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/ketbin_web/controllers/page_controller.ex
View File

@ -21,7 +21,9 @@ defmodule KetbinWeb.PageController do
# paste is a url, redirect # paste is a url, redirect
# regular paste, show content # regular paste, show content
if paste.is_url do if paste.is_url do
redirect(conn, external: paste.content) redirect(conn,
external: paste.content |> String.replace("\r", "") |> String.replace("\n", "")
)
else else
render(conn, "show.html", render(conn, "show.html",
paste: paste, paste: paste,

2
lib/ketbin_web/templates/page/show.html.heex
View File

@ -11,6 +11,6 @@
<%= if @extension == "md" do%> <%= if @extension == "md" do%>
<div class="break-word px-6 py-4 h-full w-full markdown overflow-y-auto"><%= raw Earmark.as_html!(@paste.content, escape: true, gfm_tables: true) |> HtmlSanitizeEx.markdown_html %></div> <div class="break-word px-6 py-4 h-full w-full markdown overflow-y-auto"><%= raw Earmark.as_html!(@paste.content, escape: true, gfm_tables: true) |> HtmlSanitizeEx.markdown_html %></div>
<% else %> <% else %>
<code class="break-word px-6 py-4 h-full w-full overflow-y-auto"><%= raw Ketbin.Utils.Syntax.highlight_text(@paste.content, @extension) |> HtmlSanitizeEx.strip_tags %></code> <code class="break-word px-6 py-4 h-full w-full overflow-y-auto"><%= raw Ketbin.Utils.Syntax.highlight_text(@paste.content, @extension) |> HtmlSanitizeEx.html5 %></code>
<% end %> <% end %>
</div> </div>