diff options
author | Michael Muré <batolettre@gmail.com> | 2021-04-17 17:40:11 +0200 |
---|---|---|
committer | Michael Muré <batolettre@gmail.com> | 2021-04-17 17:40:11 +0200 |
commit | 51a2c85954e77068c6afbb4ca54159086220aefd (patch) | |
tree | 9b424181369a67f69502a27186bd266a19a28506 /util/text/transform.go | |
parent | 62fb09a53cc626ac581f33b466a1cdf14eb6ed89 (diff) | |
download | git-bug-51a2c85954e77068c6afbb4ca54159086220aefd.tar.gz |
make sure every text input is safe and validated
fix #630
Diffstat (limited to 'util/text/transform.go')
-rw-r--r-- | util/text/transform.go | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/util/text/transform.go b/util/text/transform.go index 59dc4e03..395a57be 100644 --- a/util/text/transform.go +++ b/util/text/transform.go @@ -8,7 +8,7 @@ import ( "golang.org/x/text/transform" ) -func Cleanup(text string) (string, error) { +func Cleanup(text string) string { // windows new line, Github, really ? text = strings.Replace(text, "\r\n", "\n", -1) @@ -23,9 +23,33 @@ func Cleanup(text string) (string, error) { })) sanitized, _, err := transform.String(t, text) if err != nil { - return "", err + // transform.String should never return an error as our transformer doesn't returns one. + // Confirmed with fuzzing. + panic(err) } // trim extra new line not displayed in the github UI but still present in the data - return strings.TrimSpace(sanitized), nil + return strings.TrimSpace(sanitized) +} + +func CleanupOneLine(text string) string { + // remove all unicode control characters *including* + // '\n', '\r' and '\t' + t := runes.Remove(runes.Predicate(unicode.IsControl)) + sanitized, _, err := transform.String(t, text) + if err != nil { + // transform.String should never return an error as our transformer doesn't returns one. + // Confirmed with fuzzing. + panic(err) + } + + // trim extra new line not displayed in the github UI but still present in the data + return strings.TrimSpace(sanitized) +} + +func CleanupOneLineArray(texts []string) []string { + for i := range texts { + texts[i] = CleanupOneLine(texts[i]) + } + return texts } |