From d8e076566d4eebca583f281d9091b9fad0f40106 Mon Sep 17 00:00:00 2001
From: Matjaz Gregoric
Date: Thu, 8 Jan 2015 10:38:40 +0100
Subject: [PATCH] Improve JS course key validation to not allow special chars.

Course and Library keys cannot contiain !'()* special characters, but the JS validation on the new course/library failed to detect these characters. `encodeURIComponent` is used to check the string for special characters, but `encodeURIComponent` does not encode these characters: -_!~*'(). (see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) The -_~ characters are allowed in course keys, but !'()* are not, so add an explicit check for these characters to make sure a field containing these characters does not pass the validation.
---
 .../js/spec/views/utils/view_utils_spec.js | 48 +++++++++++++++++++
 cms/static/js/views/utils/view_utils.js | 2 +-
 2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/cms/static/js/spec/views/utils/view_utils_spec.js b/cms/static/js/spec/views/utils/view_utils_spec.js
index 114b3b01d4..dce4041667 100644
--- a/cms/static/js/spec/views/utils/view_utils_spec.js
+++ b/cms/static/js/spec/views/utils/view_utils_spec.js
@@ -40,5 +40,53 @@ define(["jquery", "underscore", "js/views/baseview", "js/views/utils/view_utils"
 ViewHelpers.verifyNotificationShowing(notificationSpy, /Testing/);
 });
 });
+
+ describe("course/library fields validation", function() {
+ describe("without unicode support", function() {
+ it("validates presence of field", function() {
+ var error = ViewUtils.validateURLItemEncoding('', false);
+ expect(error).toBeTruthy();
+ });
+
+ it("checks for presence of special characters in the field", function() {
+ var error;
+ // Special characters are not allowed.
+ error = ViewUtils.validateURLItemEncoding('my+field', false);
+ expect(error).toBeTruthy();
+ error = ViewUtils.validateURLItemEncoding('2014!', false);
+ expect(error).toBeTruthy();
+ error = ViewUtils.validateURLItemEncoding('*field*', false);
+ expect(error).toBeTruthy();
+ // Spaces not allowed.
+ error = ViewUtils.validateURLItemEncoding('Jan 2014', false);
+ expect(error).toBeTruthy();
+ // -_~. are allowed.
+ error = ViewUtils.validateURLItemEncoding('2015-Math_X1.0~', false);
+ expect(error).toBeFalsy();
+ });
+
+ it("does not allow unicode characters", function() {
+ var error = ViewUtils.validateURLItemEncoding('Field-\u010d', false);
+ expect(error).toBeTruthy();
+ });
+ });
+
+ describe("with unicode support", function() {
+ it("validates presence of field", function() {
+ var error = ViewUtils.validateURLItemEncoding('', true);
+ expect(error).toBeTruthy();
+ });
+
+ it("checks for presence of spaces", function() {
+ var error = ViewUtils.validateURLItemEncoding('My Field', true);
+ expect(error).toBeTruthy();
+ });
+
+ it("allows unicode characters", function() {
+ var error = ViewUtils.validateURLItemEncoding('Field-\u010d', true);
+ expect(error).toBeFalsy();
+ });
+ });
+ });
 });
 });
diff --git a/cms/static/js/views/utils/view_utils.js b/cms/static/js/views/utils/view_utils.js
index 9cd2c4ef58..efb3ae7f71 100644
--- a/cms/static/js/views/utils/view_utils.js
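Review bot: The new "checks for presence of special characters" case exercises `!` and `*` but none of `'`, `(` and `)`, the other three characters the commit message lists as left unencoded by `encodeURIComponent`, so a narrowed character class in view_utils.js would still pass this spec. Add cases such as `expect(ViewUtils.validateURLItemEncoding("it's", false)).toBeTruthy();` and `expect(ViewUtils.validateURLItemEncoding('run(1)', false)).toBeTruthy();`. The "with unicode support" block asserts only that spaces are rejected; if `!'()*` are invalid in keys regardless of unicode support, a case like `ViewUtils.validateURLItemEncoding('2014!', true)` would pin that down (it would presumably fail against the view_utils.js hunk, which adds the check in the non-unicode branch only). The surrounding `define`/`describe` blocks start before this hunk.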
+++ b/cms/static/js/views/utils/view_utils.js
@@ -199,7 +199,7 @@ define(["jquery", "underscore", "gettext", "js/views/feedback_notification", "js
 }
 }
 else {
- if (item !== encodeURIComponent(item)) {
+ if (item !== encodeURIComponent(item) || item.match(/[!'()*]/)) {
 return gettext('Please do not use any spaces or special characters in this field.');
 }
 }
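Review bot: The new `item.match(/[!'()*]/)` test sits only in the `else` branch, so with allowUnicode set the function still does not reject `!'()*`, even though the commit message says course and library keys may never contain them; the diffstat shows this is the only line changed in view_utils.js, so the allowUnicode branch (which starts above this hunk) is untouched. The same character test belongs in that branch as well. As a point of style, a boolean membership check reads better as `/[!'()*]/.test(item)` than as `match`, which builds a match array only to have it coerced: `if (item !== encodeURIComponent(item) || /[!'()*]/.test(item)) {`. This is a client-side convenience check; presumably the server-side key validation remains the authoritative one, so the regex should mirror it rather than be relied on alone.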