Sanitize Brand inputs

ciukstar · Nov 10, 2023 · ccd7df7 · ccd7df7
1 parent da13be9
commit ccd7df7
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 20 deletions.
diff --git a/config/models.persistentmodels b/config/models.persistentmodels
@@ -104,11 +104,11 @@ Brand
   markMime Text Maybe
   markWidth Text Maybe
   markHeight Text Maybe
-  name Textarea Maybe
-  strapline Textarea Maybe
+  name Html Maybe
+  strapline Html Maybe
   ico ByteString Maybe
   icoMime Text Maybe
-  more Textarea Maybe
+  more Html Maybe
 
 ContactUs
   business BusinessId OnDeleteCascade

diff --git a/src/Admin/Business.hs b/src/Admin/Business.hs
@@ -80,7 +80,6 @@ import Yesod.Core
     , redirect, addMessageI, newIdent, addScriptRemote, addStylesheetRemote
     , FileInfo (fileContentType), TypedContent (TypedContent), typeSvg
     , emptyContent, ToContent (toContent), fileSourceByteString
-    , preEscapedToMarkup
     )
 import Yesod.Core.Handler
     ( setUltDestCurrent, getCurrentRoute, getYesod, languages
@@ -89,7 +88,7 @@ import Yesod.Core.Widget (setTitleI, whamlet, toWidget)
 import Yesod.Form.Input (runInputGet, iopt)
 import Yesod.Form.Fields
     ( textField, emailField, textareaField, intField, dayField, timeField
-    , hiddenField, htmlField, checkBoxField, doubleField, unTextarea, fileField
+    , hiddenField, htmlField, checkBoxField, doubleField, fileField
     )
 import Yesod.Form.Functions
     ( generateFormPost, mreq, mopt, runFormPost, checkM, check )
@@ -316,12 +315,12 @@ formBrand bid brand extra = do
         , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing
         , fsAttrs = [("class","mdc-text-field__input")]
         } (brandMarkHeight . entityVal <$> brand)
-    (nameR,nameV) <- mopt textareaField FieldSettings
+    (nameR,nameV) <- mopt htmlField FieldSettings
         { fsLabel = SomeMessage MsgBrandName
         , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing
         , fsAttrs = [("class","mdc-text-field__input")]
         } (brandName . entityVal <$> brand)
-    (strapR,strapV) <- mopt textareaField FieldSettings
+    (strapR,strapV) <- mopt htmlField FieldSettings
         { fsLabel = SomeMessage MsgBrandStrapline
         , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing
         , fsAttrs = [("class","mdc-text-field__input")]
@@ -331,7 +330,7 @@ formBrand bid brand extra = do
         , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing
         , fsAttrs = [("style","display:none"),("accept","image/ico,.ico")]
         } Nothing
-    (moreR,moreV) <- mopt textareaField FieldSettings
+    (moreR,moreV) <- mopt htmlField FieldSettings
         { fsLabel = SomeMessage MsgMore
         , fsTooltip = Nothing, fsId = Nothing, fsName = Nothing
         , fsAttrs = [("class","mdc-text-field__input")]

diff --git a/src/Handler/Home.hs b/src/Handler/Home.hs
@@ -10,10 +10,10 @@ import Text.Hamlet (Html)
 import Settings (widgetFile)
 import Yesod.Core
     ( Yesod(defaultLayout), setTitleI, setUltDestCurrent
-    , getMessages, preEscapedToMarkup
+    , getMessages
     )
 import Yesod.Auth (Route(LoginR), maybeAuth)
-import Yesod.Form.Fields (unTextarea)
+
 import Settings.StaticFiles (img_salon_svg)
 
 import Database.Persist (Entity (Entity))

diff --git a/templates/admin/business/brand/brand.hamlet b/templates/admin/business/brand/brand.hamlet
@@ -119,18 +119,18 @@
                 <img src=@{AdminR $ BrandMarkR bid rid} alt=_{MsgBrandMark} style="max-width:100%">
           <figcaption>
             $maybe name <- name
-              #{preEscapedToMarkup $ unTextarea name}
+              ^{name}
             $maybe strap <- strap
-              #{preEscapedToMarkup $ unTextarea strap}
+              ^{strap}
       $nothing
         <figure>
           <figcaption>
             $maybe name <- name
-              #{preEscapedToMarkup $ unTextarea name}
+              ^{name}
             $maybe strap <- strap
-              #{preEscapedToMarkup $ unTextarea strap}
+              ^{strap}
       $maybe more <- more
-        #{preEscapedToMarkup $ unTextarea more}
+        ^{more}
     $nothing
       <figure style="text-align:center">
         <span style="font-size:5rem;color:var(--mdc-theme-primary)">&varnothing;

diff --git a/templates/homepage.hamlet b/templates/homepage.hamlet
@@ -39,18 +39,18 @@
               <img src=@{AdminR $ BrandMarkR bid rid} alt=_{MsgBrandMark} style="max-width:100%">
           <figcaption>
             $maybe name <- name
-              #{preEscapedToMarkup $ unTextarea name}
+              ^{name}
             $maybe strap <- strap
-              #{preEscapedToMarkup $ unTextarea strap}
+              ^{strap}
       $nothing
         <figure>
           <figcaption>
             $maybe name <- name
-              #{preEscapedToMarkup $ unTextarea name}
+              ^{name}
             $maybe strap <- strap
-              #{preEscapedToMarkup $ unTextarea strap}
+              ^{strap}
       $maybe more <- more
-        #{preEscapedToMarkup $ unTextarea more}
+        ^{more}
   $nothing
     <div #brandDefault>
       <figure>