From 6ac2299442e6e796724ac2b7f794daf87e53d599 Mon Sep 17 00:00:00 2001
From: strokh24 <Rokas.Stankunas@Student.Reutlingen-University.DE>
Date: Wed, 16 Oct 2024 09:28:30 +0200
Subject: [PATCH] Implementing input sanitation for CRUD actions

---
 public/js/app.js   | 22 ++++++++++++++++++++--
 public/js/index.js | 18 ++++++++++++++++++
 2 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/public/js/app.js b/public/js/app.js
index f3ea087..09dfa09 100644
--- a/public/js/app.js
+++ b/public/js/app.js
@@ -1,4 +1,4 @@
-// Obtener referencia a los elementos del DOM
+// Get reference to DOM elements
 const taskList = document.querySelector('.task-list ul');
 const newTaskForm = document.querySelector('form');
 
@@ -78,7 +78,7 @@ newTaskForm.addEventListener('submit', async (e) => {
 
     const newTodo = await res.json();
     taskList.appendChild(createTaskElement(newTodo));
-    input.value = ''; // Limpiar el campo de entrada
+    input.value = ''; // Clear input field
   } catch (err) {
     console.error('Error adding task:', err);
   }
@@ -86,6 +86,12 @@ newTaskForm.addEventListener('submit', async (e) => {
 
 // Mark task as completed
 async function markAsDone(taskId, isDone) {
+  // Input sanitation 
+  if (isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean') {
+    console.error('Invalid task ID or task status is invalid');
+    return;
+  }
+
   try {
     const res = await fetch(`/api/todos/${taskId}/done`, {
       method: 'PUT',
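Review bot: The guard added at the top of markAsDone is inverted on its second operand: `isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean'` only returns early when the ID is bad AND isDone is a boolean, so an invalid ID paired with a non-boolean isDone, or a valid ID with a non-boolean isDone, both fall through to the fetch. The intended check is presumably `if (Number.isNaN(Number.parseInt(taskId, 10)) || typeof isDone !== 'boolean') {`. The same inverted condition appears in updateTask in this file and in toggleComplete and updateTask in public/js/index.js, and the identical guard is copied six times across the two files; a single shared helper such as `parseTaskId(taskId)` would keep the fix in one place. The body of markAsDone continues outside this hunk.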
@@ -104,6 +110,12 @@ async function markAsDone(taskId, isDone) {
 
 // Erase task
 async function deleteTask(taskId) {
+  // Input sanitation 
+  if (isNaN(parseInt(taskId, 10))) {
+    console.error('Invalid task ID');
+    return;
+  }
+
   try {
     const res = await fetch(`/api/todos/${taskId}`, {
       method: 'DELETE'
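Review bot: The parsed integer is discarded and the raw `taskId` is still interpolated into the request URL on the line after the guard, so a value such as `'12/extra'` passes `parseInt` (which stops at the first non-digit) and reaches `/api/todos/12/extra` unchanged. Keep the parsed value and use it in the template: `const id = Number.parseInt(taskId, 10);`, `if (Number.isNaN(id)) { console.error('Invalid task ID'); return; }`, and `` fetch(`/api/todos/${id}`, { `` — the same applies to all six guards in this patch, including the index.js copy of deleteTask. Note that these checks run in the browser and can be bypassed by any client; they are a usability guard, and the API handlers behind `/api/todos/:id` must validate the ID and body independently (not visible here, so hedged). The index.js hunks also add lines containing only trailing spaces after the guard, which a formatter would strip.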
@@ -122,6 +134,12 @@ async function deleteTask(taskId) {
 
 // Edit task
 async function updateTask(taskId, newDescription) {
+  // Input sanitation 
+  if (isNaN(parseInt(taskId, 10)) && typeof(newDescription) === 'string') {
+    console.error('Invalid task ID or new description is not string');
+    return;
+  }
+
   try {
     const res = await fetch(`/api/todos/${taskId}/description`, {
       method: 'PUT',
diff --git a/public/js/index.js b/public/js/index.js
index b102448..0b6456d 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -118,6 +118,12 @@ document.addEventListener('DOMContentLoaded', async () => {
 
   // Function to alternate to the completed state
   async function toggleComplete(taskId, isDone) {
+    // Input sanitation 
+    if (isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean') {
+      console.error('Invalid task ID or task status is invalid');
+      return;
+    }
+
     try {
       const res = await fetch(`/api/todos/${taskId}/done`, {
         method: 'PUT',
@@ -134,6 +140,12 @@ document.addEventListener('DOMContentLoaded', async () => {
 
   // Function to eliminate a task
   async function deleteTask(taskId) {
+    // Input sanitation 
+    if (isNaN(parseInt(taskId, 10))) {
+      console.error('Invalid task ID');
+      return;
+    }
+    
     try {
       const res = await fetch(`/api/todos/${taskId}`, {
         method: 'DELETE'
@@ -148,6 +160,12 @@ document.addEventListener('DOMContentLoaded', async () => {
 
   // Function to update the description of a task
   async function updateTask(taskId, newDescription) {
+    // Input sanitation 
+    if (isNaN(parseInt(taskId, 10)) && typeof(newDescription) === 'string') {
+      console.error('Invalid task ID or new description is not string');
+      return;
+    }
+  
     try {
       const res = await fetch(`/api/todos/${taskId}/description`, {
         method: 'PUT',
-- 
GitLab