From c071aca5c5c16d56aafe38ace2b2c158e1b875fc Mon Sep 17 00:00:00 2001
From: Daniel Hader
Date: Fri, 5 Jun 2026 19:29:40 -0500
Subject: server text sanitation, username/email filters, and code length measurement
---
 src/routes/submission.rs | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'src/routes/submission.rs')
diff --git a/src/routes/submission.rs b/src/routes/submission.rs
index b3cf2b9..99767c2 100644
--- a/src/routes/submission.rs
+++ b/src/routes/submission.rs
@@ -1,3 +1,4 @@
+use ammonia::clean_text;
 use axum::{Json, extract::{Path, State}, http::StatusCode, response::IntoResponse};
 use serde::Deserialize;
@@ -18,15 +19,22 @@ pub async fn create_submission(
 ) -> Result {
 let user_id = claims.sub;
+ let code_length = request.code.len() as i64;
+
+ let language = clean_text(&request.language);
+ let details = clean_text(&request.details);
+ let code = clean_text(&request.code);
+
 match state.database.insert_submission(
 user_id,
 request.problem_id,
- &request.language,
- &request.details,
- &request.code
+ &language,
+ &details,
+ &code,
+ code_length,
 ) {
 Ok(submission) => Ok((StatusCode::CREATED, Json(submission))),
- Err(_) => Err(RouteError::Internal(format!("unable to insert submission")))
+ Err(e) => Err(RouteError::Internal(format!("unable to insert submission {e:?}")))
 }
 }
-- 
cgit v1.2.3
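Review bot: The new `Err(e)` arm formats the database error's Debug output into `RouteError::Internal`; if that string is written into the HTTP response (the `IntoResponse` impl for `RouteError` is not visible here), clients would receive driver or schema details. I would log `e` server-side with whatever logger the crate uses and keep the returned text generic, `Err(e) => Err(RouteError::Internal("unable to insert submission".to_string()))`. Separately, `clean_text(&request.code)` stores an HTML-entity-encoded copy of the submission (ammonia's `clean_text` also encodes spaces, newlines, `/` and `=`), so `code_length` describes the raw text rather than what is stored, and any consumer that is not an HTML template would get altered source. Storing the raw code and escaping where it is rendered would avoid that and the risk of double encoding, assuming the code is read anywhere outside HTML. The signature of `create_submission` begins outside the hunk.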