From 726285e63467820f94cbf872abe71025a161c212 Mon Sep 17 00:00:00 2001
From: lujiefsi
Date: Mon, 19 Dec 2022 18:26:50 +0800
Subject: [PATCH] chore: restrict the html file (#749)

* restrict the html file
* replace spaces with table
* remove space
---
 server/resource.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/resource.go b/server/resource.go
index bbf009ed..9021b044 100644
--- a/server/resource.go
+++ b/server/resource.go
@@ -7,6 +7,7 @@ import (
 "net/http"
 "net/url"
 "strconv"
+ "strings"
 "time"
 "github.com/usememos/memos/api"
@@ -42,6 +43,10 @@ func (s *Server) registerResourceRoutes(g *echo.Group) {
 }
 filename := file.Filename
+ if strings.HasSuffix(filename, ".html") {
+ return echo.NewHTTPError(http.StatusBadRequest, "html file is not allowed")
+ }
+
 filetype := file.Header.Get("Content-Type")
 size := file.Size
 src, err := file.Open()
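Review bot: The new check in registerResourceRoutes compares the filename suffix case-sensitively against `.html` only, so names such as `page.HTML` or `page.htm` still pass, and the client-supplied `Content-Type` read into `filetype` on the following line is not checked at all. A first step is to normalise before comparing, e.g. `name := strings.ToLower(filename)` followed by `if strings.HasSuffix(name, ".html") || strings.HasSuffix(name, ".htm") {`, and to reject a `filetype` that starts with `text/html` once it has been read. The deny-list is presumably meant to keep uploaded markup from rendering in the application's origin; if so, the more dependable control sits where the resource is served, which this hunk does not show: an allow-list of content types that may be displayed inline, `Content-Disposition: attachment` for everything else, and `X-Content-Type-Options: nosniff`. The handler body starts and ends outside the hunk, so later validation may exist that is not visible here.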