System-End/site
1
0
Fork 0
mirror of https://github.com/System-End/site.git synced 2026-04-19 19:45:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: css injection, estimated hour validation

Browse source 
Fix potential point of CSS injection
validate estimated hours to be a positive integer
This commit is contained in:
Arnav Kumar 2024-08-22 22:30:32 +05:30 committed by GitHub
parent f813b8c1b0
commit a8bc0e5508
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
pages/api/arcade/showcase/projects/[projectID]/edit.js
View file

@ -12,6 +12,25 @@ export default async function handler(req, res) {
return res.status(400).json({ error: 'No body provided' })
}
// html color input value always gives a 6-char hex color
const colorRegex = /^#[0-9A-F]{6}$/i;
if(body.color !== "" && !(colorRegex.test(body.color))) {
return res
.status(400)
.json({ error: 'Invalid Color' });
}
if(body.textColor !== "" && !(colorRegex.test(body.textColor))) {
return res
.status(400)
.json({ error: 'Invalid Text Color' });
}
if(body.hours <= 0) {
return res
.status(400)
.json({ error: 'Hours should be a positive integer' });
}
const updatedFields = {}
updatedFields['Name'] = body.title
updatedFields['Estimated Hours'] = body.hours