
Sanitizing input

wip/alt-interface
Jared před 2 roky
rodič
revize
261854dc07
3 změnil soubory, kde provedl 31 přidání a 11 odebrání
  1. +12
    -0
      src/lib/helpers.ts
  2. +10
    -9
      src/views/AddFundView.vue
  3. +9
    -2
      src/views/FundView.vue

+ 12
- 0
src/lib/helpers.ts

@@ -1,2 +1,14 @@
export const truncateWallet: (wallet: string, preDigits: number, postDigits: number | undefined) => string = (wallet: string, preDigits: number, postDigits = preDigits) => `${wallet.slice(0, preDigits)}...${wallet.slice(-(postDigits + 1), -1)}`;
export const isNumber = (s: string) => /^[0-9]+$/.test(s);

export const sanitize = (s: string) => {
const chars = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#x27;',
'/': '&#x2F;',
} as {[key: string]: string};
return s.replace(/[&<>"'/]/ig, (match) => chars[match]);
};
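Review bot: As rendered, the `'&'` entry of the `chars` map replaces `&` with itself, so ampersands pass through `sanitize` unchanged and a pre-encoded `&lt;` in the input survives as-is; if the source really reads `'&': '&'` rather than `'&': '&amp;'`, that first replacement is a no-op and should be `'&': '&amp;',`. More fundamentally, this helper HTML-encodes values at input time, before they are sent to the API, which alters the stored data (`/` becomes `&#x2F;`, `'` becomes `&#x27;`) and will double-encode wherever the values are later rendered through Vue interpolation, which already escapes on output; escaping belongs at the output boundary, and input should instead be validated against what the field is allowed to contain. The `i` flag on `/[&<>"'/]/ig` has no effect on a class with no letters. I would state the contract on the export: `/** HTML-escapes &, <, >, ", ' and /. Output-side escaping only; do not apply to data that must round-trip verbatim (addresses, keys, memos). */`.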

+ 10
- 9
src/views/AddFundView.vue

@@ -73,6 +73,7 @@ import { ref } from 'vue';
import store from '@/store';
import { useRouter } from 'vue-router';
import FundTierInput from '@/components/FundTierInput.vue';
import { sanitize } from '@/lib/helpers';

const router = useRouter();

@@ -89,7 +90,6 @@ const issuerWallet = ref('');
const asset = ref('');
const memo = ref('');
const minContribution = ref(undefined as number | undefined);
// const amtGoal = ref(undefined as number | undefined);

const bonuses = ref([] as Bonus[]);
const saveBonuses = (evt: Bonus[]) => {
@@ -98,18 +98,19 @@ const saveBonuses = (evt: Bonus[]) => {

const requesting = ref(false);
const submit = async () => {
if (!minContribution.value) return;
if (!/^[0-9]+$/.test(minContribution.value.toString())) return;
if (!requesting.value) {
requesting.value = true;
const resp = await controller.post<SuccessResponse, Partial<FundInfo>>('CreateRewardFund', {
asset: asset.value,
fundWallet: fundWallet.value,
sellingWallet: sellWallet.value,
issuerWallet: issuerWallet.value,
memo: memo.value,
// amountGoal: amtGoal.value as number,
minContribution: minContribution.value as number,
title: title.value,
description: description.value,
fundWallet: sanitize(fundWallet.value),
sellingWallet: sanitize(sellWallet.value),
issuerWallet: sanitize(issuerWallet.value),
memo: sanitize(memo.value),
minContribution: minContribution.value,
title: sanitize(title.value),
description: sanitize(description.value),
bonuses: bonuses.value,
});
requesting.value = false;
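Review bot: HTML-escaping the wallet fields on the new `fundWallet`/`sellingWallet`/`issuerWallet` lines is the wrong control for an address: any `'`, `/` or `&` in the input is rewritten rather than rejected, so a malformed address reaches `CreateRewardFund` in altered form, while a well-formed one passes through unchanged anyway. Validate those fields against the chain's address format and return early on mismatch, as the hunk already does for `minContribution` with `/^[0-9]+$/` (the `isNumber` helper in `src/lib/helpers.ts` runs the same test), and leave escaping of `title`, `description` and `memo` to the rendering side. This is client-side code, so none of these checks protect the server; the `CreateRewardFund` handler must validate the same fields independently. `asset` is the one string field sent with no check at all, which looks like an oversight. `submit` continues past the end of the hunk.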


+ 9
- 2
src/views/FundView.vue

@@ -204,7 +204,10 @@ import {
import { useWebSocket } from '@vueuse/core';
import SignetRequestController from '@/api/requests';
import store from '@/store';
import { truncateWallet } from '@/lib/helpers';
import {
sanitize,
truncateWallet,
} from '@/lib/helpers';
import * as luxon from 'luxon';
import hasPermission from '@/lib/auth';

@@ -381,10 +384,14 @@ const {

const makeContribution = async () => {
if (!fund.value) throw new Error('Fund not found');
if (!amt.value) return;
if (!/[^[0-9]+$/.test(amt.value.toString())) {
return;
}
if (!requesting.value && pk.value && amt.value && amt.value <= amountAvailable.value) {
requesting.value = true;
await controller.post<SuccessResponse, ContributeRequest>('Contribute', {
privateKey: pk.value,
privateKey: sanitize(pk.value),
amount: amt.value,
rewardFund: fund.value.fundInfo.id,
});
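Review bot: The added regex on the `if (!/[^[0-9]+$/.test(amt.value.toString()))` line is inverted: `[^[0-9]+$` parses as a negated character class followed by `+$`, so it matches strings that end in non-digit characters, and the guard therefore returns early for every all-digit amount such as `100` while letting `NaN` through. It should mirror the check in AddFundView.vue, `if (!/^[0-9]+$/.test(amt.value.toString())) {`, or use the helper this commit's helpers.ts exports: `if (!isNumber(amt.value.toString())) return;`. Wrapping `pk.value` in `sanitize` on the `privateKey` line HTML-encodes the key before it is sent, so any key containing `/`, `'`, `&`, `<`, `>` or `"` is corrupted in transit; a private key must never be transformed this way, and escaping it offers no protection on the server side. `makeContribution` continues past the end of the hunk.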

