Fix compilation error

2024-05-17 09:22:38 +00:00 · 2023-10-11 14:48:41 -04:00 · 2023-10-11 14:48:41 -04:00 · 1c189798cb
parent 645bf21d54
commit 1c189798cb
2 changed files with 18 additions and 1 deletions
--- a/crates/api_common/src/utils.rs
+++ b/crates/api_common/src/utils.rs
@ -723,6 +723,23 @@ pub fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError
  Ok(Url::parse(&format!("{community_id}/moderators"))?.into())
 }

+/// Replace special HTML characters in API parameters to prevent XSS attacks.
+///
+/// Taken from https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md#output-encoding-for-html-contexts
+///
+/// `>` is left in place because it is interpreted as markdown quote.
+pub fn sanitize_html_api(data: &str) -> String {
+  data
+    .replace('&', "&amp;")
+    .replace('<', "&lt;")
+    .replace('\"', "&quot;")
+    .replace('\'', "&#x27;")
+}
+
+pub fn sanitize_html_api_opt(data: &Option<String>) -> Option<String> {
+  data.as_ref().map(|d| sanitize_html_api(d))
+}
+
 pub fn create_login_cookie(jwt: Sensitive<String>) -> Cookie<'static> {
  let mut cookie = Cookie::new(AUTH_COOKIE_NAME, jwt.into_inner());
  cookie.set_secure(true);
--- a/crates/utils/translations
+++ b/crates/utils/translations
@ -1 +1 @@
-Subproject commit e943f97fe481dc425acdebc8872bf1fdcabaf875
+Subproject commit d0f3548379e446d2c333e582734bc68f8d684f4d