improved host input sanitizing

2026-04-23 06:50:41 +00:00 · 2024-04-01 20:58:31 -04:00
parent e5941a87ad
commit e09f68424e
2 changed files with 53 additions and 2 deletions
--- a/bale/drawer.py
+++ b/bale/drawer.py
@@ -1,3 +1,4 @@
+from typing import Optional
 from nicegui import ui  # type: ignore
 from bale import elements as el
 from bale.tabs import Tab
@@ -97,8 +98,12 @@ class Drawer(object):
        with ui.dialog() as host_dialog, el.Card():
            with el.DBody(height="[560px]", width="[360px]"):
                with el.WColumn():
-                    host_input = el.DInput(label="Host", value=" ")
-                    hostname_input = el.DInput(label="Hostname", value=" ")
+                    all_hosts = list(ssh.get_hosts())
+                    if name != "":
+                        if name in all_hosts:
+                            all_hosts.remove(name)
+                    host_input = el.VInput(label="Host", value=" ", invalid_characters="""'`"$\\;&<>|(){} """, invalid_values=all_hosts, max_length=20)
+                    hostname_input = el.VInput(label="Hostname", value=" ", invalid_characters="""!@#$%^&*'`"\\/:;<>|(){}=+[],? """)
                    username_input = el.DInput(label="Username", value=" ")
                    save_em = el.ErrorAggregator(host_input, hostname_input, username_input)
                    with el.Card() as c:
--- a/bale/elements.py
+++ b/bale/elements.py
@@ -131,6 +131,52 @@ class DInput(ui.input):
            self.value = ""


+class VInput(ui.input):
+    def __init__(
+        self,
+        label: str | None = None,
+        *,
+        placeholder: str | None = None,
+        value: str = " ",
+        password: bool = False,
+        password_toggle_button: bool = False,
+        on_change: Callable[..., Any] | None = None,
+        autocomplete: List[str] | None = None,
+        invalid_characters: str = "",
+        invalid_values: List[str] = [],
+        max_length: int = 64,
+        check: Callable[..., Any] | None = None,
+    ) -> None:
+        def checks(value: str) -> bool:
+            if value is None or value == "" or len(value) > max_length:
+                return False
+            for invalid_character in invalid_characters:
+                if invalid_character in value:
+                    return False
+            for invalid_value in invalid_values:
+                if invalid_value == value:
+                    return False
+            if check is not None:
+                check_status = check(value)
+                if check_status is not None:
+                    return check_status
+            return True
+
+        super().__init__(
+            label,
+            placeholder=placeholder,
+            value=value,
+            password=password,
+            password_toggle_button=password_toggle_button,
+            on_change=on_change,
+            autocomplete=autocomplete,
+            validation={"": lambda value: checks(value)},
+        )
+        self.tailwind.width("full")
+        if value == " ":
+            self.value = ""
+
+
 class FInput(ui.input):
    def __init__(
        self,