From de24d64f44cd7eacdd4bc3b2992567c74d97b0ab Mon Sep 17 00:00:00 2001
From: "Zed A. Shaw" <zed.shaw@gmail.com>
Date: Fri, 11 Jul 2025 11:11:44 -0400
Subject: [PATCH] Use http_url in Validator instead of url or else people can
 inject JavaScript.

---
 data/models.go             | 2 +-
 public/register/index.html | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/models.go b/data/models.go
index a5f1c3b..6aafba5 100644
--- a/data/models.go
+++ b/data/models.go
@@ -14,7 +14,7 @@ type User struct {
 type Link struct {
   Id int `db:"id" json:"id"`
   StreamId int `db:"stream_id" json:"stream_id" form:"stream_id" validate:"required,numeric"`
-  Url string `db:"url" json:"url" form:"url" validate:"required,url"`
+  Url string `db:"url" json:"url" form:"url" validate:"required,http_url"`
   Description string `db:"description" json:"description" form:"description" validate:"required"`
 }
 
diff --git a/public/register/index.html b/public/register/index.html
index 9d8b2c9..79e57f1 100644
--- a/public/register/index.html
+++ b/public/register/index.html
@@ -32,8 +32,8 @@
       <middle>
         <label for="username">Username</label>
         <input id="username" name="username" placeholder="Username" type="text">
-        <label for="email">Email</label>
-        <input id="email" name="email" placeholder="Email" type="text">
+        <label for="email">FAKE! Email</label>
+        <input id="email" name="email" placeholder="fake@faker.com" type="text">
         <label for="password">Password</label>
         <input id="password" name="password" placeholder="Password" type="password">
       </middle>