"""Contact form validation schemas."""
import logging
import re

from marshmallow import Schema, ValidationError, fields, post_load, validate, validates_schema
# Module-scoped logger named after this module's import path, so logging
# configuration can target it independently of the rest of the app.
logger = logging.getLogger(name=__name__)
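class ContactSchema(Schema):
    """Schema for contact form submissions.

    Validates and deserializes the public (unauthenticated) contact-form
    payload. Every free-text field carries an upper length bound so an
    anonymous submitter cannot push arbitrarily large bodies downstream, and
    ``enquiry_type`` is restricted to a closed set of values.
    """

    # Matches one complete ``<...>`` tag. Deliberately simple: this is a
    # best-effort clean-up of pasted markup, not an HTML sanitizer (see
    # ``sanitize_html``). Compiled once at class creation.
    _TAG_RE = re.compile(r"<[^>]*>")

    # 254 characters is the maximum length of an SMTP address (RFC 5321), so
    # the bound rejects nothing legitimate. It also caps the input handed to
    # the email-format validator, in line with every other text field here.
    email = fields.Email(required=True, validate=validate.Length(max=254))
    name = fields.Str(
        allow_none=True,
        load_default=None,
        validate=validate.Length(max=255),
    )
    company = fields.Str(
        allow_none=True,
        load_default=None,
        validate=validate.Length(max=255),
    )
    enquiry_type = fields.Str(
        required=True,
        validate=validate.OneOf(["demo_request", "sales_enquiry", "general", "support"]),
    )
    message = fields.Str(
        allow_none=True,
        load_default=None,
        validate=validate.Length(max=2000),
    )
    interest_area = fields.Str(
        allow_none=True,
        load_default=None,
        validate=validate.Length(max=100),
    )
    # Honeypot: a hidden field that real users leave empty and bots tend to
    # fill. ``data_key`` is the marshmallow 3 option (``load_default`` already
    # requires 3.13+); the original ``load_from`` is a marshmallow 2 option
    # that 3.x files under field metadata with no effect on loading.
    # NOTE(review): nothing in this schema rejects a non-empty ``_hp`` — the
    # consumer of the loaded data must do so, or the honeypot is inert.
    _hp = fields.Str(
        allow_none=True,
        load_default=None,
        data_key="_hp",
    )

    @post_load
    def sanitize_html(self, data, **kwargs):
        """Strip ``<...>`` tags from the free-text fields of the loaded data.

        Runs as a post-load step. The original hook was ``@validates_schema``
        that rewrote the validator's argument in place; validators are meant
        to raise, not transform, so this relied on marshmallow passing the
        result dict by reference.

        Tag stripping is defence in depth only: a regex cannot sanitize HTML
        (an unterminated tag, for instance, passes straight through), so
        anything that renders these values must still escape them at output.

        Args:
            data: The deserialized payload; modified in place.
            **kwargs: Hook arguments supplied by marshmallow; unused.

        Returns:
            The same dict, with tags removed from ``name``, ``company``,
            ``message`` and ``interest_area``.
        """
        for field in ("name", "company", "message", "interest_area"):
            value = data.get(field)
            # ``fields.Str`` already yields str or None; the isinstance guard
            # is kept as a cheap safety net against a future field change.
            if value and isinstance(value, str):
                data[field] = self._TAG_RE.sub("", value)
        return data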