Template gameName into player-settings as a data attribute to avoid potential security risks.

Chris Wilson
2021-07-25 15:49:51 -04:00
parent 35b9e4768a
commit 610871c61b
3 changed files with 4 additions and 5 deletions


@@ -106,7 +106,7 @@ games_list = {
# Player settings pages # Player settings pages
@app.route('/games/<string:game>/player-settings') @app.route('/games/<string:game>/player-settings')
def player_settings(game): def player_settings(game):
return render_template(f"player-settings.html") return render_template(f"player-settings.html", game=game)
# Game sub-pages # Game sub-pages
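Review bot: `game` goes from the URL path straight into the template in `player_settings` without being checked against the known games, so any path segment renders a settings page carrying that value. If `games_list` (named in the hunk header) is keyed by game name, reject unknown values before rendering, e.g. `if game not in games_list: abort(404)`, assuming `abort` is imported from Flask in this file. The `f` prefix on `f"player-settings.html"` has no placeholders and can be dropped.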


@@ -1,8 +1,7 @@
let gameName = null; let gameName = null;
window.addEventListener('load', () => { window.addEventListener('load', () => {
const urlMatches = window.location.href.match(/^.*\/(.*)\/player-settings/); gameName = document.getElementById('player-settings').getAttribute('data-game');
gameName = decodeURIComponent(urlMatches[1]);
// Update game name on page // Update game name on page
document.getElementById('game-name').innerHTML = gameName; document.getElementById('game-name').innerHTML = gameName;
@@ -25,7 +24,7 @@ window.addEventListener('load', () => {
nameInput.value = playerSettings.name; nameInput.value = playerSettings.name;
}).catch((error) => { }).catch((error) => {
const url = new URL(window.location.href); const url = new URL(window.location.href);
window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`); // window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`);
}) })
}); });
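Review bot: `gameName` is still assigned to `innerHTML` on the line after the new `getAttribute` call, so the value that originates in the URL path is parsed as markup just as before. The template's escaping (assuming Jinja autoescaping is active) protects only the attribute, and `getAttribute` hands back the decoded string. Write it as text instead: `document.getElementById('game-name').textContent = gameName;`. In the second hunk the redirect is commented out rather than removed, which leaves `url` unused and the catch handler discarding `error` silently; either restore the redirect or log the error and delete the dead lines. The load handler continues outside both hunks.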


@@ -10,7 +10,7 @@
{% block body %} {% block body %}
{% include 'header/grassHeader.html' %} {% include 'header/grassHeader.html' %}
<div id="player-settings"> <div id="player-settings" data-game="{{ game }}">
<div id="user-message"></div> <div id="user-message"></div>
<h1><span id="game-name">Player</span> Settings</h1> <h1><span id="game-name">Player</span> Settings</h1>
<p>Choose the options you would like to play with! You may generate a single-player game from this page, <p>Choose the options you would like to play with! You may generate a single-player game from this page,