Use http_url in Validator instead of url or else people can inject JavaScript.

data/models.go

@@ -14,7 +14,7 @@ type User struct {
 type Link struct {
   Id int `db:"id" json:"id"`
   StreamId int `db:"stream_id" json:"stream_id" form:"stream_id" validate:"required,numeric"`
-  Url string `db:"url" json:"url" form:"url" validate:"required,url"`
+  Url string `db:"url" json:"url" form:"url" validate:"required,http_url"`
   Description string `db:"description" json:"description" form:"description" validate:"required"`
 }
 

public/register/index.html

@@ -32,8 +32,8 @@
       <middle>
         <label for="username">Username</label>
         <input id="username" name="username" placeholder="Username" type="text">
-        <label for="email">Email</label>
+        <label for="email">FAKE! Email</label>
-        <input id="email" name="email" placeholder="Email" type="text">
+        <input id="email" name="email" placeholder="fake@faker.com" type="text">
         <label for="password">Password</label>
         <input id="password" name="password" placeholder="Password" type="password">
       </middle>