fix topic special tags

[lunny]

This will filter special tags on topics.

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@11da1e6). Click here to learn what that means.
The diff coverage is 57.14%.

@@            Coverage Diff            @@
##             master    #4031   +/-   ##
=========================================
  Coverage          ?   19.97%           
=========================================
  Files             ?      153           
  Lines             ?    30484           
  Branches          ?        0           
=========================================
  Hits              ?     6090           
  Misses            ?    23480           
  Partials          ?      914

Impacted Files	Coverage Δ
models/topic.go	54.78% <57.14%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 11da1e6...d87510a. Read the comment docs.

[jonasfranz]

If I add the topic "><iframe><div class=" it will result in:

If I try to remove the same topic which I added before your PR will result in not removing it.
In the console this error appears:
Error: Syntax error, unrecognized expression: [data-value=""><iframe><div class=""] jquery.min.js:2:12731

[axifive]

I think for topics we need to add restrictions on the used symbols like GitHub topics and StackOverflow tags.

Rules:

1. All topics are in lowercase
2. Can be used only [a-z0-9_+.#-] symbols
3. Length limitation - {1, 35} chars
4. Number of topics added to the repository - max 25 topics
   ... maybe something else

[techknowlogick]

I'm approving this because it gets rid of the security issue. A different PR can be created later to limit what can be in a tag.

[bkcsoft]

Only a few nit-picks

[bkcsoft]

if topicName = validTopic(topicName); len(topicName) == 0 {

[bkcsoft]

same as above

[bkcsoft]

What does this magical function do? Mind adding that to a comment above the function? :)

[techknowlogick]

It replaces all tags (substrings on the form <...>) with a space, " " when a user pastes, but I agree there should be a comment.

[jonasfranz]

@techknowlogick I cannot follow you because the security issue is not resolved as I stated in a previous comment. If you think that this will resolve the problem, let me know it!

Edit: It actually resolves the security problem but introduces a bug as I mentioned in the previous comment.

[techknowlogick]

@JonasFranzDEV yes. I give LG-TM because bug happens when a user has the "'s in their tag (at least that's the only way I can trigger it in my build of this branch), which hopefully is an uncommon character for a tag. This is why I am ok with the PR as it resolves the security, and still improves upon existing behavior.

It is almost my lunch hour, and so I might be able to send a patch to Lunny. Sadly I wasn't able to accomplish this.

[techknowlogick]

@JonasFranzDEV what if in the validTopic function, the list of conditions that @axifive made were added?

[axifive]

@techknowlogick, I'm working on the full solution with front/back validation. And I also found repo topics duplication bug. I'll try to finish this on the weekend.

[lunny]

closed by #4258