feat: html tags in user motto

web/app/controllers/user_info.php

@@ -14,7 +14,7 @@
 <?php if (validateUsername($username) && ($user = queryUser($username))): ?>
 	<?php echoUOJPageHeader($user['username'] . ' - ' . UOJLocale::get('user profile')) ?>
 	<?php
-			$esc_email = HTML::escape($user['email']);
+		$esc_email = HTML::escape($user['email']);
 		$esc_qq = HTML::escape($user['qq'] != 0 ? $user['qq'] : 'Unfilled');
 		$esc_sex = HTML::escape($user['sex']);
 		$col_sex="color:blue";
@@ -28,7 +28,7 @@
 			$esc_sex="";
 			$col_sex="color:black";
 		}
-	$esc_motto = HTML::escape($user['motto']);
+	$motto = addslashes($user['motto']);
 	?>
 	<div class="card border-info">
 		<h5 class="card-header bg-info"><?= UOJLocale::get('user profile') ?></h5>
@@ -49,9 +49,16 @@
 							<p class="list-group-item-text"><?= $esc_qq ?></p>
 						</div>
 						<div class="list-group-item">
-							<h4 class="list-group-item-heading"><?= UOJLocale::get('motto') ?></h4>
-							<p class="list-group-item-text"><?= $esc_motto ?></p>
+							<h4 class="list-group-item-heading"><?= UOJLocale::get('motto') ?></h4><?php
+								$motto_id = uniqid("motto-{$user['username']}-");
+	$dom_sanitize_config = DOM_SANITIZE_CONFIG;
+	?>
+							<p class="list-group-item-text" id="<?= $motto_id ?>"></p>
+							<script type="text/javascript">
+								$(function() { $('#<?= $motto_id ?>').html(DOMPurify.sanitize('<?= $motto ?>', <?= $dom_sanitize_config ?>)); });
+							</script>
 						</div>
+						
 						<?php if (isSuperUser($myUser)): ?>
 						<div class="list-group-item">
 							<h4 class="list-group-item-heading">register time</h4>

web/app/libs/uoj-html-lib.php

@@ -1,5 +1,7 @@
 <?php
 
+define('DOM_SANITIZE_CONFIG', "{ALLOWED_TAGS: ['a', 'b', 'i', 'u', 'em', 'strong', 'sub', 'sup', 'small', 'del'], ALLOWED_ATTR: ['href']}");
+
 function uojHandleAtSign($str, $uri) {
 	$referrers = array();
 	$res = preg_replace_callback('/@(@|[a-zA-Z0-9_]{1,20})/', function($matches) use (&$referrers) {
@@ -990,7 +992,13 @@ function echoRanklist($config = array()) {
 		echo '<tr>';
 		echo '<td>' . $user['rank'] . '</td>';
 		echo '<td>' . getUserLink($user['username']) . '</td>';
-		echo '<td>' . HTML::escape($user['motto']) . '</td>';
+		$motto_id = uniqid("motto-{$user['username']}-");
+		echo "<td id=\"$motto_id\"></td>";
+		$motto = addslashes($user['motto']);
+		$dom_sanitize_config = DOM_SANITIZE_CONFIG;
+		echo '<script type="text/javascript">';
+		echo "$(function() { $('#$motto_id').html(DOMPurify.sanitize('{$motto}', $dom_sanitize_config)); });";
+		echo '</script>';
 		echo '<td>' . $user['ac_num'] . '</td>';
 		echo '</tr>';
 		

web/app/libs/uoj-validate-lib.php

@@ -17,7 +17,7 @@ function validateQQ($QQ) {
 }
 
 function validateMotto($motto) {
-	return is_string($motto) && ($len = mb_strlen($motto, 'UTF-8')) !== false && $len <= 50;
+	return is_string($motto) && ($len = mb_strlen($motto, 'UTF-8')) !== false && $len <= 1024;
 }
 
 function validateUInt($x) { // [0, 1000000000)

web/app/views/page-header.php

@@ -78,6 +78,9 @@
 		<!-- Color converter -->
 		<?= HTML::js_src('/js/color-converter.min.js') ?>
 		
+		<!-- DOM Santizer -->
+		<?= HTML::js_src('/js/purify.min.js') ?>
+		
 		<!-- uoj -->
 		<?= HTML::js_src('/js/uoj.js?v=2017.01.01') ?>
 		

web/js/uoj.js

@@ -232,8 +232,8 @@ function validateQQ(str) {
 	}
 }
 function validateMotto(str) {
-	if (str.length > 50) {
-		return '不能超过50字';
+	if (str.length > 1024) {
+		return '不能超过 1024 个字符。';
 	} else {
 		return '';
 	}