Пример #1
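post.save = function save (req, res, next) {
    // Persist a new post submitted from an HTML form and redirect back to
    // its thread.
    //
    // req  - Express request; reads req.body.content, req.body.threadId and
    //        req.body.userId, and uses req.flash() for user-facing errors.
    // res  - Express response; redirects on success, sends 400 for an
    //        invalid submission and 500 when the insert fails.
    // next - unused; kept so the Express middleware signature is unchanged.
    var sqlConfig = require('../../sqlConfig');
    // NOTE(review): constructing a knex instance per request creates a new
    // connection pool on every call of this handler and never tears it
    // down; hoist it to module scope once the file's top-level requires
    // are available to edit.
    var knex = require('knex')(sqlConfig);
    var date = require('../../shared/date');
    var now = date.sqlNow();
    var insane = require('insane');

    var body = req.body || {};
    var rawContent = body.content;
    var threadId = body.threadId;
    // NOTE(review): the author id comes from the client-supplied body rather
    // than the authenticated session, so the server cannot tell who really
    // posted; take it from the session's user once that is available here.
    var userId = body.userId;

    console.log('saving post');
    // clean up html to only allow a subset of html
    // see https://github.com/bevacqua/insane for documentation and defaults
    // (guarded so a missing body field is not handed to the sanitizer)
    var content = rawContent ? insane(rawContent) : '';
    console.log(content);

    // Reject the editor's "empty post" placeholder, anything that sanitizes
    // down to nothing, and submissions missing the thread or user reference.
    var isEmptyPlaceholder = !rawContent || rawContent.indexOf('<div><br></div>') === 0;
    if (isEmptyPlaceholder || content.trim() === '' || !threadId || !userId) {
        req.flash('error', ['No post data submitted.']);
        // 400 rather than 500: the client sent an invalid post, the server did not fail
        res.status(400).send();
        return;
    }

    console.log('inserting post');
    knex('posts').insert({
        content: content,
        userId: userId,
        threadId: threadId,
        created_at: now,
        updated_at: now
    }).then(function (rows) {
        console.log(rows);
        // encode the id so an unexpected value cannot change the redirect path
        res.redirect('/thread/' + encodeURIComponent(threadId));
    }).catch(function (error) {
        // keep the full database error server-side; the user only gets a
        // generic message so internal error codes are not exposed
        console.error(error);
        req.flash('error', ['Could not save the post.']);
        res.status(500).send();
    });
};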
Пример #2
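function sanitize (html, o) {
  // Sanitize rendered-markdown HTML with `insane`, allowing the classes that
  // the markdown renderer and the syntax highlighter emit.
  //
  // html - HTML string to clean.
  // o    - optional insane options; its allowedClasses entries are extended
  //        with (not replaced by) the defaults added below.
  // Returns the sanitized HTML string produced by insane.
  var headings = { h1: 'id', h2: 'id', h3: 'id', h4: 'id', h5: 'id', h6: 'id' };
  var options = assign({ allowedClasses: {}, allowedAttributes: headings }, o);
  // Work on a copy of the caller's allowedClasses map: `assign` is shallow,
  // so extending it in place would leak the additions into the caller's
  // options object and duplicate them on every call.
  var ac = assign({}, options.allowedClasses);
  options.allowedClasses = ac;

  // Append class names for one tag without mutating any existing array.
  function add (type, more) {
    ac[type] = (ac[type] || []).concat(more);
  }

  add('mark', ['md-mark', 'md-code-mark']);
  add('pre', ['md-code-block']);
  add('code', markdown.languages);
  add('span', hightokens);

  return insane(html, options);
}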