jbell730
/
signet-frontend
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Sanitizing input

wip/alt-interface
Jared 2 years ago
parent
58312618c1
commit
261854dc07
3 changed files with 31 additions and 11 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +12
    -0
      src/lib/helpers.ts
  2. +10
    -9
      src/views/AddFundView.vue
  3. +9
    -2
      src/views/FundView.vue

+ 12
- 0
src/lib/helpers.ts View File

@@ -1,2 +1,14 @@
export const truncateWallet: (wallet: string, preDigits: number, postDigits: number | undefined) => string = (wallet: string, preDigits: number, postDigits = preDigits) => `${wallet.slice(0, preDigits)}...${wallet.slice(-(postDigits + 1), -1)}`; export const truncateWallet: (wallet: string, preDigits: number, postDigits: number | undefined) => string = (wallet: string, preDigits: number, postDigits = preDigits) => `${wallet.slice(0, preDigits)}...${wallet.slice(-(postDigits + 1), -1)}`;
export const isNumber = (s: string) => /^[0-9]+$/.test(s); export const isNumber = (s: string) => /^[0-9]+$/.test(s);

export const sanitize = (s: string) => {
const chars = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#x27;',
'/': '&#x2F;',
} as {[key: string]: string};
return s.replace(/[&<>"'/]/ig, (match) => chars[match]);
};

+ 10
- 9
src/views/AddFundView.vue View File

@@ -73,6 +73,7 @@ import { ref } from 'vue';
import store from '@/store'; import store from '@/store';
import { useRouter } from 'vue-router'; import { useRouter } from 'vue-router';
import FundTierInput from '@/components/FundTierInput.vue'; import FundTierInput from '@/components/FundTierInput.vue';
import { sanitize } from '@/lib/helpers';


const router = useRouter(); const router = useRouter();


@@ -89,7 +90,6 @@ const issuerWallet = ref('');
const asset = ref(''); const asset = ref('');
const memo = ref(''); const memo = ref('');
const minContribution = ref(undefined as number | undefined); const minContribution = ref(undefined as number | undefined);
// const amtGoal = ref(undefined as number | undefined);


const bonuses = ref([] as Bonus[]); const bonuses = ref([] as Bonus[]);
const saveBonuses = (evt: Bonus[]) => { const saveBonuses = (evt: Bonus[]) => {
@@ -98,18 +98,19 @@ const saveBonuses = (evt: Bonus[]) => {


const requesting = ref(false); const requesting = ref(false);
const submit = async () => { const submit = async () => {
if (!minContribution.value) return;
if (!/^[0-9]+$/.test(minContribution.value.toString())) return;
if (!requesting.value) { if (!requesting.value) {
requesting.value = true; requesting.value = true;
const resp = await controller.post<SuccessResponse, Partial<FundInfo>>('CreateRewardFund', { const resp = await controller.post<SuccessResponse, Partial<FundInfo>>('CreateRewardFund', {
asset: asset.value, asset: asset.value,
fundWallet: fundWallet.value,
sellingWallet: sellWallet.value,
issuerWallet: issuerWallet.value,
memo: memo.value,
// amountGoal: amtGoal.value as number,
minContribution: minContribution.value as number,
title: title.value,
description: description.value,
fundWallet: sanitize(fundWallet.value),
sellingWallet: sanitize(sellWallet.value),
issuerWallet: sanitize(issuerWallet.value),
memo: sanitize(memo.value),
minContribution: minContribution.value,
title: sanitize(title.value),
description: sanitize(description.value),
bonuses: bonuses.value, bonuses: bonuses.value,
}); });
requesting.value = false; requesting.value = false;


+ 9
- 2
src/views/FundView.vue View File

@@ -204,7 +204,10 @@ import {
import { useWebSocket } from '@vueuse/core'; import { useWebSocket } from '@vueuse/core';
import SignetRequestController from '@/api/requests'; import SignetRequestController from '@/api/requests';
import store from '@/store'; import store from '@/store';
import { truncateWallet } from '@/lib/helpers';
import {
sanitize,
truncateWallet,
} from '@/lib/helpers';
import * as luxon from 'luxon'; import * as luxon from 'luxon';
import hasPermission from '@/lib/auth'; import hasPermission from '@/lib/auth';


@@ -381,10 +384,14 @@ const {


const makeContribution = async () => { const makeContribution = async () => {
if (!fund.value) throw new Error('Fund not found'); if (!fund.value) throw new Error('Fund not found');
if (!amt.value) return;
if (!/[^[0-9]+$/.test(amt.value.toString())) {
return;
}
if (!requesting.value && pk.value && amt.value && amt.value <= amountAvailable.value) { if (!requesting.value && pk.value && amt.value && amt.value <= amountAvailable.value) {
requesting.value = true; requesting.value = true;
await controller.post<SuccessResponse, ContributeRequest>('Contribute', { await controller.post<SuccessResponse, ContributeRequest>('Contribute', {
privateKey: pk.value,
privateKey: sanitize(pk.value),
amount: amt.value, amount: amt.value,
rewardFund: fund.value.fundInfo.id, rewardFund: fund.value.fundInfo.id,
}); });


Write Preview
Loading…
Cancel
Save