From b5e3e16842bd6e163d7d32f60c621a4dc6b655eb Mon Sep 17 00:00:00 2001
From: Uko Kokņevičs
Date: Tue, 27 Aug 2024 00:39:59 +0800
Subject: Do some extra user input validation

---
 src/main.zig | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/main.zig b/src/main.zig
index 04d4055..544b105 100644
--- a/src/main.zig
+++ b/src/main.zig
@@ -1,5 +1,6 @@
-const types = @import("types.zig");
 const std = @import("std");
+const types = @import("types.zig");
+const utils = @import("utils.zig");
 
 const Allocator = std.mem.Allocator;
 const ArrayList = std.ArrayList;
@@ -198,16 +199,16 @@ fn onTextMessage(bot: *Bot, msg: types.Message, text: []const u8) !void {
             },
         });
     } else if (std.ascii.startsWithIgnoreCase(text, "big ")) {
-        var output = try bot.allocator.alloc(u8, text.len + 3);
-        defer bot.allocator.free(output);
+        var output = ArrayList(u8).init(bot.allocator);
+        defer output.deinit();
 
-        std.mem.copyForwards(u8, output, "<b>");
-        _ = std.ascii.upperString(output[3..], text[4..]);
-        std.mem.copyForwards(u8, output[output.len - 4 ..], "</b>");
+        try output.appendSlice("<b>");
+        try utils.escapeXml(output.writer(), text[4..]);
+        try output.appendSlice("</b>");
 
         try bot.sendMessage_(.{
             .chat_id = msg.chat.id,
-            .text = output,
+            .text = output.items,
             .parse_mode = .html,
             .reply_parameters = .{
                 .message_id = msg.message_id,
-- 
cgit v1.2.3