diff --git a/src/lib/helpers.ts b/src/lib/helpers.ts
index 465c577..e841c51 100644
--- a/src/lib/helpers.ts
+++ b/src/lib/helpers.ts
@@ -1,2 +1,14 @@
 export const truncateWallet: (wallet: string, preDigits: number, postDigits: number | undefined) => string = (wallet: string, preDigits: number, postDigits = preDigits) => `${wallet.slice(0, preDigits)}...${wallet.slice(-(postDigits + 1), -1)}`;
 export const isNumber = (s: string) => /^[0-9]+$/.test(s);
+
+export const sanitize = (s: string) => {
+ const chars = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+ '/': '/',
+ } as {[key: string]: string};
+ return s.replace(/[&<>"'/]/ig, (match) => chars[match]);
+};
diff --git a/src/views/AddFundView.vue b/src/views/AddFundView.vue
index ee5eed4..287b123 100644
--- a/src/views/AddFundView.vue
+++ b/src/views/AddFundView.vue
@@ -73,6 +73,7 @@ import { ref } from 'vue';
 import store from '@/store';
 import { useRouter } from 'vue-router';
 import FundTierInput from '@/components/FundTierInput.vue';
+import { sanitize } from '@/lib/helpers';
 const router = useRouter();
@@ -89,7 +90,6 @@ const issuerWallet = ref('');
 const asset = ref('');
 const memo = ref('');
 const minContribution = ref(undefined as number | undefined);
-// const amtGoal = ref(undefined as number | undefined);
 const bonuses = ref([] as Bonus[]);
 const saveBonuses = (evt: Bonus[]) => {
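Review bot: The replacement table in `sanitize` as shown here maps every character to itself (`'&': '&'`, `'<': '<'`, …), so the `replace` on the last added line changes nothing; if the right-hand sides were HTML entities that were lost in rendering, the helper is an HTML output encoder, and either way it should not be applied to data on its way into the API, because the server then stores `&amp;` for a user-typed `&`, any `{{ }}` template that already escapes will double-encode it, and it protects no sink other than HTML text (not URLs, attributes, or the backend itself). Keep stored data raw, escape at the render site, and never feed it to `v-html`; if the helper stays, name it `escapeHtml`, drop the meaningless `i` flag, and make the table a typed constant so the callback cannot return `undefined` under `noUncheckedIndexedAccess`: `const chars: Record<string, string> = { … };` with `(match) => chars[match] ?? match`. A one-line TSDoc such as `/** HTML-escapes &, <, >, ", ' and / for insertion into an HTML text node; do not apply to addresses, keys or data being stored. */` would make the intended use explicit.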
@@ -98,18 +98,19 @@ const saveBonuses = (evt: Bonus[]) => {
 const requesting = ref(false);
 const submit = async () => {
+ if (!minContribution.value) return;
+ if (!/^[0-9]+$/.test(minContribution.value.toString())) return;
 if (!requesting.value) {
 requesting.value = true;
 const resp = await controller.post>('CreateRewardFund', {
 asset: asset.value,
- fundWallet: fundWallet.value,
- sellingWallet: sellWallet.value,
- issuerWallet: issuerWallet.value,
- memo: memo.value,
- // amountGoal: amtGoal.value as number,
- minContribution: minContribution.value as number,
- title: title.value,
- description: description.value,
+ fundWallet: sanitize(fundWallet.value),
+ sellingWallet: sanitize(sellWallet.value),
+ issuerWallet: sanitize(issuerWallet.value),
+ memo: sanitize(memo.value),
+ minContribution: minContribution.value,
+ title: sanitize(title.value),
+ description: sanitize(description.value),
 bonuses: bonuses.value,
 });
 requesting.value = false;
diff --git a/src/views/FundView.vue b/src/views/FundView.vue
index d2b8d18..4b21069 100644
--- a/src/views/FundView.vue
+++ b/src/views/FundView.vue
@@ -204,7 +204,10 @@ import {
 import { useWebSocket } from '@vueuse/core';
 import SignetRequestController from '@/api/requests';
 import store from '@/store';
-import { truncateWallet } from '@/lib/helpers';
+import {
+ sanitize,
+ truncateWallet,
+} from '@/lib/helpers';
 import * as luxon from 'luxon';
 import hasPermission from '@/lib/auth';
@@ -381,10 +384,14 @@ const {
 const makeContribution = async () => {
 if (!fund.value) throw new Error('Fund not found');
+ if (!amt.value) return;
+ if (!/[^[0-9]+$/.test(amt.value.toString())) {
+ return;
+ }
 if (!requesting.value && pk.value && amt.value && amt.value <= amountAvailable.value) {
 requesting.value = true;
 await controller.post('Contribute', {
- privateKey: pk.value,
+ privateKey: sanitize(pk.value),
 amount: amt.value,
 rewardFund: fund.value.fundInfo.id,
 });
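Review bot: The digit check on the second added line of `submit` re-implements `isNumber` from `@/lib/helpers` with the identical regex, so `if (!isNumber(minContribution.value.toString())) return;` (adding `isNumber` to the import already introduced in this file) keeps a single definition of a valid amount; note that `!minContribution.value` also rejects `0`, which is only right if a zero minimum is meant to be invalid. The bigger concern is that the three wallet fields are passed through `sanitize`, which transforms instead of rejecting: an address containing any of the six mapped characters is silently altered before submission rather than refused, and `memo`, `title` and `description` typed with `&` or `'` reach the server in encoded form. Validate addresses against the expected format and reject on mismatch, send the free-text fields unencoded and escape where they are rendered, and treat every check here as UX only — the `CreateRewardFund` handler must re-validate, since a client-side guard is trivially bypassed. `submit` continues past the end of the hunk.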
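Review bot: The pattern on the second added line of `makeContribution`, `/[^[0-9]+$/`, is not the digit check it resembles: `[^[0-9]` is a negated class ("anything but `[` or a digit"), so the test matches only strings that end in non-digits, and the negated guard returns for every numeric `amt` (`"100"` → no match → `return`) while a value such as `"abc"` passes through. As written, no contribution can ever be submitted. Use the helper that already exists in `@/lib/helpers`, `if (!isNumber(amt.value.toString())) return;` (adding `isNumber` to the import changed in this same file), or `^[0-9]+$` as AddFundView does; if fractional amounts are legitimate here the pattern must allow them. Separately, `sanitize(pk.value)` rewrites a private key before it is sent: any mapped character in the key would silently corrupt it, and a secret should be validated and rejected, never transformed — and that the key is posted to the server at all (already the case before this change) is worth revisiting, since signing client-side would keep it off the wire.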