Improved input validation.

2015-01-27 08:38:17 +01:00 · 2015-01-27 08:38:17 +01:00 · 47f94c54d6
commit 47f94c54d6
parent bc979bbf4a
3 changed files with 64 additions and 0 deletions
--- a/app/assets/javascripts/app/lib/app_post/task_manager.js.coffee
+++ b/app/assets/javascripts/app/lib/app_post/task_manager.js.coffee
@ -114,6 +114,10 @@ class _taskManagerSingleton extends App.Controller
    @workers

  add: ( key, callback, params, to_not_show = false ) ->
+
+    # input validation
+    key = App.Utils.htmlAttributeCleanup(key)
+
    active = true
    if to_not_show
      active = false
--- a/app/assets/javascripts/app/lib/app_post/utils.js.coffee
+++ b/app/assets/javascripts/app/lib/app_post/utils.js.coffee
@ -190,3 +190,7 @@ class App.Utils
    return true if messageCleanup.match(/<(br|\s+?|\/)>$/im)
    return true if messageCleanup.match(/<div(|\s.+?)><\/div>$/im)
    false
+
+  # cleanString = App.Utils.htmlAttributeCleanup( string )
+  @htmlAttributeCleanup: (string) ->
+    string.replace(/(\!|\s|\r|\t|,|\.|\?|"|'|\^|#)/g, '')
--- a/public/assets/tests/html-utils.js
+++ b/public/assets/tests/html-utils.js
@ -537,6 +537,62 @@ test( "check if last line is a empty line", function() {
  equal( verify, result, message )


+});
+
+// check attibute validation
+test( "check attibute validation", function() {
+
+  var string = '123'
+  var result  = '123'
+  var verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+  string = '123!'
+  result  = '123'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+  string = '12 3!'
+  result  = '123'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+  string = '12-3!'
+  result  = '12-3'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+  string = '12_3!'
+  result  = '12_3'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+  string = '^12_3!'
+  result  = '12_3'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+  string = '^1\n 2_3!'
+  result  = '12_3'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+  string = 'abc?'
+  result  = 'abc'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+  string = 'abc."'
+  result  = 'abc'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+  string = '#abc!^'
+  result  = 'abc'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+
+
 });

 }