From fecd26f4bbad849563c2a8231ead21a1cefb026c Mon Sep 17 00:00:00 2001
From: maru21
Date: Sun, 15 Oct 2023 23:49:05 +0200
Subject: [PATCH] implemented sanitizing
---
js/9.9.9/createTemplate.js | 5 ++---
js/9.9.9/form.js | 5 +----
js/9.9.9/parseForm.js | 3 ++-
js/9.9.9/scripts.js | 20 +++++++++++++++++++-
js/9.9.9/storage.js | 6 +++---
5 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/js/9.9.9/createTemplate.js b/js/9.9.9/createTemplate.js
index d4502d8..6db63eb 100644
--- a/js/9.9.9/createTemplate.js
+++ b/js/9.9.9/createTemplate.js
@@ -1,6 +1,6 @@ import {setNewTemplate, loadTemplate} from "./web.js"; -import { retrieveData } from "./storage.js"; import { hideMenus, modalNotifier } from "./evts.js"; +import { sanitize } from "./scripts.js"; function createTemplate(template = false) {
@@ -8,7 +8,6 @@ function createTemplate(template = false) { //set current page value in activeState object activeState.activePage = "createTemplate"; - if (screen.width > 992) { document.getElementById("siteTitle").innerHTML = "Manage templates"; } else {
@@ -145,7 +144,7 @@ function createTemplate(template = false) { case "Save": let fileName; let userFileNameField = document.getElementById("userFileName"); - let userFileName = userFileNameField.value; + let userFileName = sanitize(userFileNameField.value); let userFileNamePH = userFileNameField.getAttribute("placeholder"); if (userFileName.length != 0) { fileName = userFileName;
diff --git a/js/9.9.9/form.js b/js/9.9.9/form.js
index 5f29233..3561c6f 100644
--- a/js/9.9.9/form.js
+++ b/js/9.9.9/form.js
@@ -251,11 +251,8 @@ function formEvts() { document.getElementById("sidebar").addEventListener("click", (e) => { if (e.target) { if (e.target.id == "sb-submit") { - if (screen.width < 993) { - showSidebar(); - } parseFormOnSubmit(); - focusOnField("output"); + modalNotifier("File saved and copied to clipboard", 2); } if (e.target.id == "sb-item") { setTimeout(() => {
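Review bot: `let userFileName = sanitize(userFileNameField.value);` in the "Save" case rewrites the name silently: the input field keeps showing what the user typed while `fileName` holds the underscored version, and two distinct inputs such as `a/b` and `a_b` now resolve to the same name. The same line is added in parseForm.js (`parseFormOnSubmit`) and storage.js (`createStorageObj`), so the point applies to those hunks as well. Consider writing the cleaned value back with `userFileNameField.value = userFileName;` or rejecting the input with a message, and moving the repeated read-and-sanitize lines into one shared helper. Replacing characters on input also does not stand in for escaping where the file name is later rendered; any sink that assigns it through `innerHTML` (none is visible in this hunk) would still need `textContent` or output encoding. The enclosing function starts and ends outside the hunk.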
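Review bot: The added `modalNotifier("File saved and copied to clipboard", 2);` runs unconditionally right after `parseFormOnSubmit();`, so the user is told that the save and the clipboard copy succeeded even when either step failed. The result of `parseFormOnSubmit()` is not inspected here; if it can signal failure (its body is not visible in this hunk), show the message only on success and report an error otherwise. Please also confirm that form.js imports `modalNotifier`, since no import change for this file is part of the commit. The click handler continues past the end of the hunk.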
diff --git a/js/9.9.9/parseForm.js b/js/9.9.9/parseForm.js
index ded454b..574a24a 100644
--- a/js/9.9.9/parseForm.js
+++ b/js/9.9.9/parseForm.js
@@ -1,3 +1,4 @@ +import { sanitize } from "./scripts.js"; import { storeData, clearData, retrieveData } from "./storage.js"; function parseFormOnSubmit(returnJSON = false, parseOnly = false) {
@@ -43,7 +44,7 @@ function parseFormOnSubmit(returnJSON = false, parseOnly = false) { //set filename to active state according to userFileName field from loadTemplate let userFileNameField = document.getElementById("userFileName"); - let userFileName = userFileNameField.value; + let userFileName = sanitize(userFileNameField.value); let userFileNamePH = userFileNameField.getAttribute("placeholder"); if (userFileName.length != 0) { activeState.fileName = userFileName;
diff --git a/js/9.9.9/scripts.js b/js/9.9.9/scripts.js
index fc6406e..81d0111 100644
--- a/js/9.9.9/scripts.js
+++ b/js/9.9.9/scripts.js
@@ -47,7 +47,7 @@ export const passwordHash = { function setPassword() { let x = document.getElementById("loginForm"); - let pw = x.elements[0].value; + let pw = sanitize(x.elements[0].value); if (pw != "" || pw !== "undefined") { let pwOld = pw;
@@ -164,4 +164,22 @@ export function logout() { document.getElementById("login").style.display = "block"; } + + +export function sanitize(string) { + const map = { + '&': '_', + '<': '_', + '>': '_', + '"': '_', + "'": '_', + '/': '_', + '`': '_', + '=': '_' + }; + const reg = /[&<>"'/]/ig; + console.log(string.replace(reg, (match)=>(map[match]))); + return string.replace(reg, (match)=>(map[match])); +} + export default setPassword;
diff --git a/js/9.9.9/storage.js b/js/9.9.9/storage.js
index d6c5760..f199254 100644
--- a/js/9.9.9/storage.js
+++ b/js/9.9.9/storage.js
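Review bot: `let pw = sanitize(x.elements[0].value);` alters the password before it is used, turning every `& < > " ' /` into `_`, which shrinks the effective character set and makes passwords that differ only in those characters equivalent. Users whose existing password contains one of those characters will presumably derive a different value than before this commit and may lose access to data stored under the old one. A password that is only hashed or used as key material needs no HTML sanitizing, so keep `let pw = x.elements[0].value;`. Because `sanitize` as added in this commit calls `console.log` on its result, this line also writes the password to the browser console. The context line `if (pw != "" || pw !== "undefined")` is always true, and `if (pw !== "")` looks like the intent; the rest of `setPassword` is outside the hunk.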
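Review bot: The character class in `const reg = /[&<>"'/]/ig;` omits the backtick and `=` that `map` lists, so those two characters pass through `sanitize` unchanged; ``const reg = /[&<>"'/`=]/g;`` would match the table (the `i` flag has no effect on punctuation). The `console.log(string.replace(...))` line should be removed: it logs every sanitized value, including the password passed in from `setPassword`, and runs the replacement a second time. Since every entry maps to `_`, `return string.replace(reg, '_');` is enough and the lookup table can go. A short JSDoc stating that this is a replace-with-underscore filter for names, not an HTML escaper, would keep callers from relying on it for output encoding. A non-string argument such as `undefined` throws on `.replace`, which `String(string)` would guard.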
@@ -1,6 +1,6 @@ import XORCipher from "./xorc.js"; import sha256 from "./sha256.min.js"; -import { getUsrId, passwordHash } from "./scripts.js"; +import { getUsrId, passwordHash, sanitize } from "./scripts.js"; function createStorageObj() {
@@ -19,10 +19,10 @@ function createStorageObj() { //console.log(this, dataArray); let userFileNameField = document.getElementById("userFileName"); - let userFileName = userFileNameField.value; + let userFileName = sanitize(userFileNameField.value); let userFileNamePH = userFileNameField.getAttribute("placeholder"); if (userFileName.length != 0) { - activeState.fileName = userFileName.replace; + activeState.fileName = userFileName; //clear old data as file switches to new filename if (userFileNamePH.length != 0) { clearData(userFileNamePH);