From 5e0ae554f9b995d6d83c0b30e8843cd2e1b56bd5 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Tue, 27 Jan 2015 08:50:40 +0100 Subject: [PATCH] Improved input validation. --- .../app/lib/app_post/task_manager.js.coffee | 15 +++++++++++---- .../javascripts/app/lib/app_post/utils.js.coffee | 2 +- public/assets/tests/html-utils.js | 5 +++++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/app/assets/javascripts/app/lib/app_post/task_manager.js.coffee b/app/assets/javascripts/app/lib/app_post/task_manager.js.coffee index 4d5d77d82..8e0238b71 100644 --- a/app/assets/javascripts/app/lib/app_post/task_manager.js.coffee +++ b/app/assets/javascripts/app/lib/app_post/task_manager.js.coffee @@ -271,8 +271,12 @@ class _taskManagerSingleton extends App.Controller ) @allTasks = allTasks || [] - $('#content_permanent_' + key ).html('') - $('#content_permanent_' + key ).remove() + try + $('#content_permanent_' + key ).html('') + $('#content_permanent_' + key ).remove() + catch + @log 'notice', "invalid key '#{key}'" + delete @workersStarted[ key ] delete @workers[ key ] @@ -304,8 +308,11 @@ class _taskManagerSingleton extends App.Controller # release tasks for task in @allTasks - $('#content_permanent_' + task.key ).html('') - $('#content_permanent_' + task.key ).remove() + try + $('#content_permanent_' + task.key ).html('') + $('#content_permanent_' + task.key ).remove() + catch + @log 'notice', "invalid key '#{key}'" delete @workersStarted[ task.key ] delete @workers[ task.key ] diff --git a/app/assets/javascripts/app/lib/app_post/utils.js.coffee b/app/assets/javascripts/app/lib/app_post/utils.js.coffee index 9d6af70f2..e181401e1 100644 --- a/app/assets/javascripts/app/lib/app_post/utils.js.coffee +++ b/app/assets/javascripts/app/lib/app_post/utils.js.coffee 
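Review bot: The try/catch added around `$('#content_permanent_' + key )` only covers keys that make jQuery throw a selector syntax error; a key whose characters form a valid selector (a comma, a space, a second `#id`) is still parsed as one, and `.html('')` / `.remove()` then act on whatever it matches. Looking the element up by id avoids selector parsing altogether and makes the try/catch unnecessary, e.g. `$( document.getElementById('content_permanent_' + key) ).remove()`. The same string-built selector is repeated in the `for task in @allTasks` loop of the second hunk. If the try/catch stays, `catch e` with `e.message` in the log line would keep the cause visible instead of discarding it. The enclosing method starts outside the hunk.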
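Review bot: The log call added inside the `for task in @allTasks` loop interpolates `key`, while every other line in that loop uses `task.key`; it should read `@log 'notice', "invalid key '#{task.key}'"`. Unless `key` is defined earlier in the enclosing method, which starts outside the hunk, this compiles to a reference to an undeclared name, so the catch handler itself would throw a ReferenceError. That would abort the loop before the remaining tasks are released, and the log would never show the offending key.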
@@ -193,4 +193,4 @@ class App.Utils # cleanString = App.Utils.htmlAttributeCleanup( string ) @htmlAttributeCleanup: (string) -> - string.replace(/(\!|\s|\r|\t|,|\.|\?|"|'|\^|#)/g, '') + string.replace(/(\!|\s|\r|\t|,|\.|\?|"|'|\^|#|=|\(|\)|\$)/g, '') diff --git a/public/assets/tests/html-utils.js b/public/assets/tests/html-utils.js index b45ba55bd..c3bd0174a 100644 --- a/public/assets/tests/html-utils.js +++ b/public/assets/tests/html-utils.js @@ -592,6 +592,11 @@ test( "check attibute validation", function() { verify = App.Utils.htmlAttributeCleanup( string ) equal( verify, result, string ) + string = 'abc()=$' + result = 'abc' + verify = App.Utils.htmlAttributeCleanup( string ) + equal( verify, result, string ) + });
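Review bot: `htmlAttributeCleanup` is still a denylist after this change, so characters such as `<`, `>`, `:`, `[`, `]`, `*`, `/` and `\` pass through untouched. If the result is used to build element ids or jQuery selectors (the callers are not visible here, so this is an assumption), an allowlist is easier to reason about, e.g. `string.replace(/[^\w-]/g, '')`. That form would also strip non-ASCII letters, which needs checking against existing callers first. Separately, `\r` and `\t` are already covered by `\s` and the capture group is unused, so the current pattern could be written as a single character class.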
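Review bot: The added case places all four new characters in one trailing run (`'abc()=$'`), so it would not catch a regression that strips them only at the end of the input. A second case with them interleaved, e.g. `string = 'a(b)=c$'` with `result = 'abc'`, would pin the per-character behaviour. A case asserting that `-` and `_` are kept would also document which characters the cleanup is meant to preserve.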