Merge pull request #223 from igalic/fix/safe-string

make blog/instance description a SafeString

plume-models/src/blogs.rs

@@ -22,6 +22,7 @@ use plume_common::activity_pub::{
     inbox::WithInbox,
     sign
 };
+use safe_string::SafeString;
 use instance::*;
 use users::User;
 use schema::blogs;
@@ -142,8 +143,8 @@ impl Blog {
                     name: inst.clone(),
                     local: false,
                     // We don't really care about all the following for remote instances
-                    long_description: String::new(),
+                    long_description: SafeString::new(""),
-                    short_description: String::new(),
+                    short_description: SafeString::new(""),
                     default_license: String::new(),
                     open_registrations: true,
                     short_description_html: String::new(),

plume-models/src/instance.rs

@@ -3,6 +3,7 @@ use diesel::{self, QueryDsl, RunQueryDsl, ExpressionMethods, PgConnection};
 use std::iter::Iterator;
 
 use plume_common::utils::md_to_html;
+use safe_string::SafeString;
 use ap_url;
 use users::User;
 use schema::{instances, users};
@@ -16,8 +17,8 @@ pub struct Instance {
     pub blocked: bool,
     pub creation_date: NaiveDateTime,
     pub open_registrations: bool,
-    pub short_description: String,
+    pub short_description: SafeString,
-    pub long_description: String,
+    pub long_description: SafeString,
     pub default_license : String,
     pub long_description_html: String,
     pub short_description_html: String
@@ -30,8 +31,8 @@ pub struct NewInstance {
     pub name: String,
     pub local: bool,
     pub open_registrations: bool,
-    pub short_description: String,
+    pub short_description: SafeString,
-    pub long_description: String,
+    pub long_description: SafeString,
     pub default_license : String,
     pub long_description_html: String,
     pub short_description_html: String
@@ -114,7 +115,7 @@ impl Instance {
         ))
     }
 
-    pub fn update(&self, conn: &PgConnection, name: String, open_registrations: bool, short_description: String, long_description: String) -> Instance {
+    pub fn update(&self, conn: &PgConnection, name: String, open_registrations: bool, short_description: SafeString, long_description: SafeString) -> Instance {
         let (sd, _) = md_to_html(short_description.as_ref());
         let (ld, _) = md_to_html(long_description.as_ref());
         diesel::update(self)

plume-models/src/safe_string.rs

@@ -101,3 +101,15 @@ impl AsRef<str> for SafeString {
         &self.value
     }
 }
+
+use rocket::request::FromFormValue;
+use rocket::http::RawStr;
+
+impl<'v> FromFormValue<'v> for SafeString {
+    type Error = &'v RawStr;
+
+    fn from_form_value(form_value: &'v RawStr) -> Result<SafeString, &'v RawStr> {
+        let val = String::from_form_value(form_value)?;
+        Ok(SafeString::new(&val))
+    }
+}

plume-models/src/users.rs

@@ -205,8 +205,8 @@ impl User {
                     public_domain: inst.clone(),
                     local: false,
                     // We don't really care about all the following for remote instances
-                    long_description: String::new(),
+                    long_description: SafeString::new(""),
-                    short_description: String::new(),
+                    short_description: SafeString::new(""),
                     default_license: String::new(),
                     open_registrations: true,
                     short_description_html: String::new(),

src/routes/instance.rs

@@ -10,7 +10,9 @@ use plume_models::{
     db_conn::DbConn,
     posts::Post,
     users::User,
+    safe_string::SafeString,
     instance::*
+
 };
 use inbox::Inbox;
 use routes::Page;
@@ -110,8 +112,8 @@ struct InstanceSettingsForm {
     #[validate(length(min = "1"))]
     name: String,
     open_registrations: bool,
-    short_description: String,
+    short_description: SafeString,
-    long_description: String,
+    long_description: SafeString,
     #[validate(length(min = "1"))]
     default_license: String
 }

src/setup.rs

@@ -6,6 +6,7 @@ use std::io;
 use std::path::Path;
 use std::process::{exit, Command};
 use rpassword;
+use plume_models::safe_string::SafeString;
 
 use plume_models::{
     DB_URL,
@@ -152,8 +153,8 @@ fn quick_setup(conn: DbConn) {
         public_domain: domain,
         name: name,
         local: true,
-        long_description: String::new(),
+        long_description: SafeString::new(""),
-        short_description: String::new(),
+        short_description: SafeString::new(""),
         default_license: String::from("CC-0"),
         open_registrations: true,
         short_description_html: String::new(),

templates/instance/admin.html.tera

@@ -23,10 +23,10 @@
         </label>
 
         <label for="short_description">{{ "Short description" | _ }}<small>{{ "Markdown is supported" | _ }}</small></label>
-        <textarea id="short_description" name="short_description">{{ form.short_description | default(value=instance.short_description) }}</textarea>
+        <textarea id="short_description" name="short_description">{{ form.short_description | default(value=instance.short_description | safe) }}</textarea>
 
         <label for="long_description">{{ "Long description" | _ }}<small>{{ "Markdown is supported" | _ }}</small></label>
-        <textarea id="long_description" name="long_description">{{ form.long_description | default(value=instance.long_description) }}</textarea>
+        <textarea id="long_description" name="long_description">{{ form.long_description | default(value=instance.long_description | safe) }}</textarea>
 
         {{ macros::input(name="default_license", label="Default license", errors=errors, form=form, props='minlenght="1"', default=instance) }}