Improved input validation.

This commit is contained in:
Martin Edenhofer 2015-01-27 08:38:17 +01:00
parent bc979bbf4a
commit 47f94c54d6
3 changed files with 64 additions and 0 deletions

View file

@ -114,6 +114,10 @@ class _taskManagerSingleton extends App.Controller
@workers @workers
add: ( key, callback, params, to_not_show = false ) -> add: ( key, callback, params, to_not_show = false ) ->
# input validation
key = App.Utils.htmlAttributeCleanup(key)
active = true active = true
if to_not_show if to_not_show
active = false active = false

View file

@ -190,3 +190,7 @@ class App.Utils
return true if messageCleanup.match(/<(br|\s+?|\/)>$/im) return true if messageCleanup.match(/<(br|\s+?|\/)>$/im)
return true if messageCleanup.match(/<div(|\s.+?)><\/div>$/im) return true if messageCleanup.match(/<div(|\s.+?)><\/div>$/im)
false false
# cleanString = App.Utils.htmlAttributeCleanup( string )
@htmlAttributeCleanup: (string) ->
string.replace(/(\!|\s|\r|\t|,|\.|\?|"|'|\^|#)/g, '')

View file

@ -537,6 +537,62 @@ test( "check if last line is a empty line", function() {
equal( verify, result, message ) equal( verify, result, message )
});
// check attibute validation
test( "check attibute validation", function() {
var string = '123'
var result = '123'
var verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
string = '123!'
result = '123'
verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
string = '12 3!'
result = '123'
verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
string = '12-3!'
result = '12-3'
verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
string = '12_3!'
result = '12_3'
verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
string = '^12_3!'
result = '12_3'
verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
string = '^1\n 2_3!'
result = '12_3'
verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
string = 'abc?'
result = 'abc'
verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
string = 'abc."'
result = 'abc'
verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
string = '#abc!^'
result = 'abc'
verify = App.Utils.htmlAttributeCleanup( string )
equal( verify, result, string )
}); });
} }