xss validation

This commit is contained in:
Mazyar
2025-12-07 23:52:17 +03:30
parent b8a10f355e
commit 7fb182f180
10 changed files with 372 additions and 29 deletions
+75 -1
View File
@@ -1,6 +1,11 @@
package inquiry
import "tm/pkg/response"
import (
"tm/pkg/response"
"tm/pkg/security"
"github.com/asaskevich/govalidator"
)
// Inquiry DTOs
@@ -83,3 +88,72 @@ func (i *Inquiry) ToResponse() *InquiryResponse {
UpdatedAt: i.UpdatedAt,
}
}
// ValidateAndSanitize validates and sanitizes the form
func (f *CreateInquiryForm) ValidateAndSanitize(xssPolicy *security.XSSPolicy) error {
var err error
// Sanitize and validate FullName
f.FullName, err = xssPolicy.ValidateAndSanitizeInput(f.FullName, "text")
if err != nil {
return err
}
// Sanitize and validate CompanyName
f.CompanyName, err = xssPolicy.ValidateAndSanitizeInput(f.CompanyName, "text")
if err != nil {
return err
}
// Sanitize and validate WorkEmail (email validation is separate)
f.WorkEmail, err = xssPolicy.ValidateAndSanitizeInput(f.WorkEmail, "email")
if err != nil {
return err
}
// Sanitize and validate PhoneNumber
f.PhoneNumber, err = xssPolicy.ValidateAndSanitizeInput(f.PhoneNumber, "phone")
if err != nil {
return err
}
// Standard govalidator validation
_, err = govalidator.ValidateStruct(f)
return err
}
// ValidateAndSanitize validates and sanitizes the status update form
func (f *UpdateInquiryStatusForm) ValidateAndSanitize(xssPolicy *security.XSSPolicy) error {
var err error
// Sanitize Reason
f.Reason, err = xssPolicy.ValidateAndSanitizeInput(f.Reason, "text")
if err != nil {
return err
}
// Sanitize Description
f.Description, err = xssPolicy.ValidateAndSanitizeInput(f.Description, "html")
if err != nil {
return err
}
// Standard govalidator validation
_, err = govalidator.ValidateStruct(f)
return err
}
// ValidateAndSanitize validates and sanitizes the search form
func (f *SearchInquiriesForm) ValidateAndSanitize(xssPolicy *security.XSSPolicy) error {
if f.Search != nil {
sanitized, err := xssPolicy.ValidateAndSanitizeInput(*f.Search, "text")
if err != nil {
return err
}
*f.Search = sanitized
}
// Standard govalidator validation
_, err := govalidator.ValidateStruct(f)
return err
}