GoWiki

blov · · 3731 views
<p><a href="http://aubble.com:8080" rel="nofollow">http://aubble.com:8080</a></p> <p>What do you guys think? Code: <a href="https://www.dropbox.com/s/q7d5cj85o0o8mo6/gowiki.zip?dl=0" rel="nofollow">https://www.dropbox.com/s/q7d5cj85o0o8mo6/gowiki.zip?dl=0</a></p> <p>Made it with the go web applications tutorial and added a few editions of my own, haven&#39;t added css doe. If you&#39;re ever stuck on the exercises at the end, I did them all in this.</p> <p>even better now, I&#39;m still learning how to use git/github so I&#39;m gonna just post a link to the files. It&#39;s more secure now in that it escapes all text except for the links. So a &lt;script&gt; element isn&#39;t run by the browser, but it&#39;s still displayed, the old version filtered them. I think it&#39;s a more elegant solution now.</p>
<hr/>**Comments:**<br/><br/>
elithrar_: <pre><p>Link fails (nothing listening). You might be better served by putting the code up on GitHub or BitBucket rather than providing a zip file download.</p></pre>
JuicyMeJacKanoff: <pre><p>my bad. I was updating it, it&#39;s up now! Don&#39;t know how to use either just yet, will try, thanks!</p></pre>
xbudex: <pre><p>Do yourself a favor and learn git. Like right away. You will thank yourself later. Seriously, the importance of source control cannot be understated.</p></pre>
izuriel: <pre><p>I know this great resource for basics: try.github.com</p></pre>
jcbwlkr: <pre><p>Configure your editor to run <code>gofmt</code> or <code>goimports</code> on your code every time you save your changes. For this there are not a lot of changes but in the long run you and everyone else you work with will appreciate it.</p></pre>
JuicyMeJacKanoff: <pre><p>gotcha, thanks.</p></pre>
sharptierce: <pre><p>Do yourself a favor and put that website offline right now. I could misuse this in any way I want.</p> <p>Start by reading this: <a href="https://en.wikipedia.org/wiki/Cross-site_scripting" rel="nofollow">https://en.wikipedia.org/wiki/Cross-site_scripting</a></p> <p>It seems this is only a hobby project but you should be more careful since it&#39;s reachable from everyone. Additionally if you make it public through reddit. </p></pre>
JuicyMeJacKanoff: <pre><p>it doesn&#39;t allow script elements, what is wrong? Only reason I don&#39;t escape html is so that you can type [pagename] and it auto inserts the link to that page. I&#39;m too lazy to implement a better algorithm for that.</p></pre>
sharptierce: <pre><p>Well most wiki creators are too lazy. That&#39;s why they implement a meta language like markdown or wiki syntax. Because it whitelists all operations that are allowed in a wiki. Not a blacklist with infinite entries and combinations. </p> <p>Filtering script tags is only one protection. There are many other scenarios like inserting iframe tags and doing csrf attacks. </p> <p>If you later on plan on adding authentication, it would allow me to capture cookies of all users and authenticate as their account and so on... </p> <p>Like I said, it&#39;s awesome that you started learning this stuff, and if you put your code to github or anything there&#39;s nothing wrong with that. But letting the server run public is just dangerous. </p> <p>Maybe this will help you a lil bit more: <a href="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet" rel="nofollow">https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet</a></p></pre>
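
Added example, not part of the original thread or the poster's code: one way to get the "escape everything, allow only [pagename] links" behaviour discussed above using an allowlist instead of tag filtering. The names `RenderBody` and `linkPattern`, the alphanumeric-only page-name rule and the `/view/` URL prefix are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"html/template"
	"regexp"
)

// linkPattern is the allowlist: only [Name] made of ASCII letters and digits
// becomes a link. The syntax and the name rule are assumptions for this example.
var linkPattern = regexp.MustCompile(`\[([a-zA-Z0-9]+)\]`)

// RenderBody escapes the entire page body first, then rewrites allowlisted
// [Name] tokens into anchors. No markup typed by a user survives; the only
// tags in the output are the anchors built here from validated names.
func RenderBody(raw string) template.HTML {
	escaped := template.HTMLEscapeString(raw)
	// The captured name contains only [a-zA-Z0-9], so it is safe to place
	// inside the href attribute and the link text without further encoding.
	linked := linkPattern.ReplaceAllString(escaped, `<a href="/view/$1">$1</a>`)
	// Marking the result as template.HTML stops html/template from escaping
	// it a second time; that is only sound because of the two steps above.
	return template.HTML(linked)
}

func main() {
	// Constructed sample inputs: a normal link, a script element, an iframe,
	// and a bracket token that tries to carry an attribute.
	samples := []string{
		`See [FrontPage] for details.`,
		`<script>x</script>`,
		`<iframe src=x>`,
		`[a"onmouseover="x]`,
	}
	for _, s := range samples {
		fmt.Println(RenderBody(s))
	}
}
```

In a handler, pass the returned `template.HTML` value to the template instead of the raw body string, and leave every other field as a plain string so `html/template` keeps escaping it.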
