a 500 error is much better than an XSS, bro

master
Aevann1 2022-06-07 12:03:51 +02:00
parent cb5f9d05c6
commit 4a1e6cc726
3 changed files with 4 additions and 3 deletions


@ -9,7 +9,7 @@ def create_comment(text_html, autojanny=False):
new_comment = Comment(author_id=author_id,
parent_submission=None,
body_html=text_html[:40000],
body_html=text_html,
distinguish_level=6)
g.db.add(new_comment)
g.db.flush()
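Review bot: With the `[:40000]` slice gone, an over-long `text_html` is rejected only if the `body_html` column enforces a length limit and `g.db.flush()` raises, and neither is visible in this hunk. Dropping the slice on rendered HTML is sound, since a cut inside a tag or attribute produces markup the sanitizer never saw. The limit is still better enforced explicitly before the Comment is built, e.g. `if len(text_html) > 40000: raise ValueError("comment body too long")`, or by bounding the source text before it is rendered. create_comment continues outside the hunk, so how callers handle the failure cannot be confirmed from here.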


@ -420,6 +420,7 @@ def transfer_coins(v, username):
notif_text = f":marseycapitalistmanlet: @{v.username} has gifted you {amount-tax} coins!"
if reason:
if len(reason) > 200: return {"error": "Reason is too long, max 200 characters"},400
notif_text += f"\n\n> {reason}"
send_repeatable_notification(receiver.id, notif_text)
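Review bot: The 200-character check on `reason` runs only after `notif_text` has been built, at around line 423 of the file. transfer_coins starts outside the hunk, so it cannot be confirmed that no coin balances were changed before the 400 is returned. Validating first avoids depending on a session rollback: move `if reason and len(reason) > 200: return {"error": "Reason is too long, max 200 characters"},400` next to the other argument checks at the top of the function. The check bounds length only, so whatever renders the notification still has to treat `reason` as untrusted text.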


@ -214,7 +214,7 @@
<div class="d-none mt-3 toggleable" id="coin-transfer">
<input autocomplete="off" id="coin-transfer-amount" class="form-control" name="amount" type="number" oninput="updateTax()">
<input autocomplete="off" id="coin-transfer-reason" type="text" class="form-control" name="reason" placeholder="Gift message! (optional)">
<input autocomplete="off" id="coin-transfer-reason" maxlength=200 type="text" class="form-control" name="reason" placeholder="Gift message! (optional)">
<div>{{u.username}} will receive <span id="coins-transfer-taxed">0</span> coins</div>
<button class="btn btn-primary mt-3" onclick="transferCoins()">Gift</button>
</div>
@ -524,7 +524,7 @@
<div class="d-none mt-3 toggleable" id="coin-transfer-mobile">
<input autocomplete="off" id="coin-transfer-amount-mobile" class="form-control" name="amount" type="number" oninput="updateTax(true)">
<input autocomplete="off" id="coin-transfer-reason-mobile" type="text" class="form-control" name="reason" placeholder="Gift message! (optional)">
<input autocomplete="off" id="coin-transfer-reason-mobile" maxlength=200 type="text" class="form-control" name="reason" placeholder="Gift message! (optional)">
<div>{{u.username}} will receive <span id="coins-transfer-taxed-mobile">0</span> coins</div>
<button class="btn btn-primary mt-2 mb-3" onclick="transferCoins(true)">Gift</button>
</div>
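Review bot: `maxlength=200` is written unquoted on both inputs (`coin-transfer-reason` and `coin-transfer-reason-mobile`) while every other attribute on those tags is quoted; `maxlength="200"` keeps the markup consistent. The attribute is only a browser-side hint, so the server-side length check in transfer_coins remains the actual enforcement point. The literal 200 now appears in three places across the template and the route, and passing the limit into the template from a single constant would keep them from drifting apart.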