From e09f68424e2e0491b22399e93791f215253336f1 Mon Sep 17 00:00:00 2001
From: Natan Keddem
Date: Mon, 1 Apr 2024 20:58:31 -0400
Subject: [PATCH] improved host input sanitizing
---
 bale/drawer.py | 9 +++++++--
 bale/elements.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/bale/drawer.py b/bale/drawer.py
index 999a816..b63d1db 100644
--- a/bale/drawer.py
+++ b/bale/drawer.py
@@ -1,3 +1,4 @@
+from typing import Optional
 from nicegui import ui # type: ignore
 from bale import elements as el
 from bale.tabs import Tab
@@ -97,8 +98,12 @@ class Drawer(object):
 with ui.dialog() as host_dialog, el.Card():
 with el.DBody(height="[560px]", width="[360px]"):
 with el.WColumn():
- host_input = el.DInput(label="Host", value=" ")
- hostname_input = el.DInput(label="Hostname", value=" ")
+ all_hosts = list(ssh.get_hosts())
+ if name != "":
+ if name in all_hosts:
+ all_hosts.remove(name)
+ host_input = el.VInput(label="Host", value=" ", invalid_characters="""'`"$\\;&<>|(){} """, invalid_values=all_hosts, max_length=20)
+ hostname_input = el.VInput(label="Hostname", value=" ", invalid_characters="""!@#$%^&*'`"\\/:;<>|(){}=+[],? """)
 username_input = el.DInput(label="Username", value=" ")
 save_em = el.ErrorAggregator(host_input, hostname_input, username_input)
 with el.Card() as c:
diff --git a/bale/elements.py b/bale/elements.py
index 13ed66d..cb8c28f 100644
--- a/bale/elements.py
+++ b/bale/elements.py
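Review bot: In bale/drawer.py, `username_input` is still a plain `el.DInput` in the host-dialog hunk, so Username gets none of the checks this commit adds for Host and Hostname, even though all three feed the same `ErrorAggregator` and presumably the same saved host entry. Switching it to `el.VInput` with the same `invalid_characters` set as Host plus a `max_length` would keep the three fields consistent. The Host set also leaves `*`, `?`, `!` and a leading `-` untouched; if the alias is later written to an ssh config or placed on an ssh command line (not visible here), those characters still carry meaning. An allowlist through VInput's `check` hook would be tighter than growing the denylist, for example `check=lambda v: re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]*", v) is not None`, which needs `import re`. `name` and `ssh` are defined outside the hunk, and the dialog body continues past it.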
@@ -131,6 +131,52 @@ class DInput(ui.input):
 self.value = ""
+class VInput(ui.input):
+ def __init__(
+ self,
+ label: str | None = None,
+ *,
+ placeholder: str | None = None,
+ value: str = " ",
+ password: bool = False,
+ password_toggle_button: bool = False,
+ on_change: Callable[..., Any] | None = None,
+ autocomplete: List[str] | None = None,
+ invalid_characters: str = "",
+ invalid_values: List[str] = [],
+ max_length: int = 64,
+ check: Callable[..., Any] | None = None,
+ ) -> None:
+ def checks(value: str) -> bool:
+ if value is None or value == "" or len(value) > max_length:
+ return False
+ for invalid_character in invalid_characters:
+ if invalid_character in value:
+ return False
+ for invalid_value in invalid_values:
+ if invalid_value == value:
+ return False
+ if check is not None:
+ check_status = check(value)
+ if check_status is not None:
+ return check_status
+ return True
+
+ super().__init__(
+ label,
+ placeholder=placeholder,
+ value=value,
+ password=password,
+ password_toggle_button=password_toggle_button,
+ on_change=on_change,
+ autocomplete=autocomplete,
+ validation={"": lambda value: checks(value)},
+ )
+ self.tailwind.width("full")
+ if value == " ":
+ self.value = ""
+
+
 class FInput(ui.input):
 def __init__(
 self,
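Review bot: `checks` inside `VInput.__init__` rejects only the characters each caller lists, so control characters such as newline or tab pass unless every call site remembers them, and neither set passed in bale/drawer.py includes them. A single `if not value.isprintable(): return False` beside the length test would cover every VInput instance. The validation dict uses an empty message key (`validation={"": ...}`), so a rejected value gives the user no reason; a short message such as `"Invalid value"` would help, and the lambda can be replaced by `checks` itself. `invalid_values: List[str] = []` is a mutable default shared across instances, so `None` with a fallback inside `__init__` is the safer form. The class also lacks a docstring; one stating that `check` may return `None` to defer to the built-in result would document the contract.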