Improved input validation.

2015-01-27 08:50:40 +01:00 · 2015-01-27 08:50:40 +01:00 · 5e0ae554f9
commit 5e0ae554f9
parent 47f94c54d6
3 changed files with 17 additions and 5 deletions
--- a/app/assets/javascripts/app/lib/app_post/task_manager.js.coffee
+++ b/app/assets/javascripts/app/lib/app_post/task_manager.js.coffee
@ -271,8 +271,12 @@ class _taskManagerSingleton extends App.Controller
    )
    @allTasks = allTasks || []

-    $('#content_permanent_' + key ).html('')
-    $('#content_permanent_' + key ).remove()
+    try
+      $('#content_permanent_' + key ).html('')
+      $('#content_permanent_' + key ).remove()
+    catch
+      @log 'notice', "invalid key '#{key}'"
+

    delete @workersStarted[ key ]
    delete @workers[ key ]
@ -304,8 +308,11 @@ class _taskManagerSingleton extends App.Controller

    # release tasks
    for task in @allTasks
-      $('#content_permanent_' + task.key ).html('')
-      $('#content_permanent_' + task.key ).remove()
+      try
+        $('#content_permanent_' + task.key ).html('')
+        $('#content_permanent_' + task.key ).remove()
+      catch
+        @log 'notice', "invalid key '#{key}'"

      delete @workersStarted[ task.key ]
      delete @workers[ task.key ]
--- a/app/assets/javascripts/app/lib/app_post/utils.js.coffee
+++ b/app/assets/javascripts/app/lib/app_post/utils.js.coffee
@ -193,4 +193,4 @@ class App.Utils

  # cleanString = App.Utils.htmlAttributeCleanup( string )
  @htmlAttributeCleanup: (string) ->
-    string.replace(/(\!|\s|\r|\t|,|\.|\?|"|'|\^|#)/g, '')
+    string.replace(/(\!|\s|\r|\t|,|\.|\?|"|'|\^|#|=|\(|\)|\$)/g, '')
--- a/public/assets/tests/html-utils.js
+++ b/public/assets/tests/html-utils.js
@ -592,6 +592,11 @@ test( "check attibute validation", function() {
  verify  = App.Utils.htmlAttributeCleanup( string )
  equal( verify, result, string )

+  string = 'abc()=$'
+  result  = 'abc'
+  verify  = App.Utils.htmlAttributeCleanup( string )
+  equal( verify, result, string )
+

 });