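post.save = function save (req, res, next) {
  // NOTE(review): a new knex instance (and connection pool) is created on
  // every request here; hoisting it to module level would avoid that, but
  // the module's top-level scope is not visible from this handler.
  var sqlConfig = require('../../sqlConfig');
  var knex = require('knex')(sqlConfig);
  var date = require('../../shared/date');
  var now = date.sqlNow();
  var insane = require('insane');
  console.log('saving post');

  // clean up html to only allow a subset of html
  // see https://github.com/bevacqua/insane for documentation and defaults
  // Only run the sanitizer on an actual string so a missing/odd body falls
  // through to the validation error instead of throwing inside insane().
  var raw = req.body.content;
  var content = typeof raw === 'string' ? insane(raw) : '';
  console.log(content);

  // Non-empty check: reject the editor's blank placeholder (original
  // heuristic) AND anything that sanitization reduced to whitespace, so an
  // empty row is never stored.
  var hasContent = Boolean(raw) &&
    raw.indexOf('<div><br></div>') !== 0 &&
    content.trim().length > 0;

  // NOTE(review): userId is taken from the request body, not from the
  // authenticated session — confirm upstream middleware guarantees it
  // matches the logged-in user before trusting it here.
  if (hasContent && req.body.threadId && req.body.userId) {
    console.log('inserting post');
    knex('posts').insert({
      content: content,
      userId: req.body.userId,
      threadId: req.body.threadId,
      created_at: now,
      updated_at: now
    }).then(function (rows) {
      console.log(rows);
      res.redirect('/thread/' + req.body.threadId);
    }).catch(function (error) {
      // The raw driver error code is surfaced to the user via flash; a
      // generic message would expose less about the storage layer.
      console.log(error);
      req.flash('error', [error.code]);
      res.status(500).send();
    });
  } else {
    // Validation failure; status kept at 500 to preserve existing client
    // behaviour, though 400 would describe it more accurately.
    req.flash('error', ['No post data submitted.']);
    res.status(500).send();
  }
};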
function sanitize (html, o) {
  // Run `html` through insane with a whitelist that permits an `id`
  // attribute on headings plus the class names emitted by the markdown and
  // syntax-highlighting pipeline; `o` is merged over these defaults.
  // NOTE(review): allowing `id` on user-supplied headings puts those ids in
  // the same namespace as the host page's elements — confirm that is
  // acceptable wherever the sanitized output is rendered.
  var idOnHeadings = {};
  ['h1', 'h2', 'h3', 'h4', 'h5', 'h6'].forEach(function (tag) {
    idOnHeadings[tag] = 'id';
  });

  var options = assign({ allowedClasses: {}, allowedAttributes: idOnHeadings }, o);
  var classes = options.allowedClasses;

  // Tag → extra class names to allow, applied in this order.
  var extra = [
    ['mark', ['md-mark', 'md-code-mark']],
    ['pre', ['md-code-block']],
    ['code', markdown.languages],
    ['span', hightokens]
  ];
  extra.forEach(function (pair) {
    var tag = pair[0];
    classes[tag] = (classes[tag] || []).concat(pair[1]);
  });

  return insane(html, options);
}