Commit 6ac22994 authored by Rokas Stankunas's avatar Rokas Stankunas

Implementing input sanitation for CRUD actions

parent d4837dbd
1 merge request!6Adding toDo app functionability
Pipeline #15729 passed
// Obtener referencia a los elementos del DOM // Get reference to DOM elements
const taskList = document.querySelector('.task-list ul'); const taskList = document.querySelector('.task-list ul');
const newTaskForm = document.querySelector('form'); const newTaskForm = document.querySelector('form');
...@@ -78,7 +78,7 @@ newTaskForm.addEventListener('submit', async (e) => { ...@@ -78,7 +78,7 @@ newTaskForm.addEventListener('submit', async (e) => {
const newTodo = await res.json(); const newTodo = await res.json();
taskList.appendChild(createTaskElement(newTodo)); taskList.appendChild(createTaskElement(newTodo));
input.value = ''; // Limpiar el campo de entrada input.value = ''; // Clear input field
} catch (err) { } catch (err) {
console.error('Error adding task:', err); console.error('Error adding task:', err);
} }
...@@ -86,6 +86,12 @@ newTaskForm.addEventListener('submit', async (e) => { ...@@ -86,6 +86,12 @@ newTaskForm.addEventListener('submit', async (e) => {
// Mark task as completed // Mark task as completed
async function markAsDone(taskId, isDone) { async function markAsDone(taskId, isDone) {
// Input sanitation
if (isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean') {
console.error('Invalid task ID or task status is invalid');
return;
}
try { try {
const res = await fetch(`/api/todos/${taskId}/done`, { const res = await fetch(`/api/todos/${taskId}/done`, {
method: 'PUT', method: 'PUT',
...@@ -104,6 +110,12 @@ async function markAsDone(taskId, isDone) { ...@@ -104,6 +110,12 @@ async function markAsDone(taskId, isDone) {
// Erase task // Erase task
async function deleteTask(taskId) { async function deleteTask(taskId) {
// Input sanitation
if (isNaN(parseInt(taskId, 10))) {
console.error('Invalid task ID');
return;
}
try { try {
const res = await fetch(`/api/todos/${taskId}`, { const res = await fetch(`/api/todos/${taskId}`, {
method: 'DELETE' method: 'DELETE'
...@@ -122,6 +134,12 @@ async function deleteTask(taskId) { ...@@ -122,6 +134,12 @@ async function deleteTask(taskId) {
// Edit task // Edit task
async function updateTask(taskId, newDescription) { async function updateTask(taskId, newDescription) {
// Input sanitation
if (isNaN(parseInt(taskId, 10)) && typeof(newDescription) === 'string') {
console.error('Invalid task ID or new description is not string');
return;
}
try { try {
const res = await fetch(`/api/todos/${taskId}/description`, { const res = await fetch(`/api/todos/${taskId}/description`, {
method: 'PUT', method: 'PUT',
......
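Review bot: The guard added to markAsDone, `isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean'`, is inverted: it returns early only when the ID is unparseable and isDone is a boolean, so a non-boolean isDone is never rejected and an unparseable ID passes whenever isDone is not a boolean. The check should reject when either input is wrong, `if (Number.isNaN(Number.parseInt(taskId, 10)) || typeof isDone !== 'boolean') {`. updateTask in this file has the same shape with `=== 'string'` and needs `|| typeof newDescription !== 'string'`; toggleComplete and updateTask in the second file repeat both conditions. The function bodies continue outside the visible hunks.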
...@@ -118,6 +118,12 @@ document.addEventListener('DOMContentLoaded', async () => { ...@@ -118,6 +118,12 @@ document.addEventListener('DOMContentLoaded', async () => {
// Function to alternate to the completed state // Function to alternate to the completed state
async function toggleComplete(taskId, isDone) { async function toggleComplete(taskId, isDone) {
// Input sanitation
if (isNaN(parseInt(taskId, 10)) && typeof(isDone) === 'boolean') {
console.error('Invalid task ID or task status is invalid');
return;
}
try { try {
const res = await fetch(`/api/todos/${taskId}/done`, { const res = await fetch(`/api/todos/${taskId}/done`, {
method: 'PUT', method: 'PUT',
...@@ -134,6 +140,12 @@ document.addEventListener('DOMContentLoaded', async () => { ...@@ -134,6 +140,12 @@ document.addEventListener('DOMContentLoaded', async () => {
// Function to eliminate a task // Function to eliminate a task
async function deleteTask(taskId) { async function deleteTask(taskId) {
// Input sanitation
if (isNaN(parseInt(taskId, 10))) {
console.error('Invalid task ID');
return;
}
try { try {
const res = await fetch(`/api/todos/${taskId}`, { const res = await fetch(`/api/todos/${taskId}`, {
method: 'DELETE' method: 'DELETE'
...@@ -148,6 +160,12 @@ document.addEventListener('DOMContentLoaded', async () => { ...@@ -148,6 +160,12 @@ document.addEventListener('DOMContentLoaded', async () => {
// Function to update the description of a task // Function to update the description of a task
async function updateTask(taskId, newDescription) { async function updateTask(taskId, newDescription) {
// Input sanitation
if (isNaN(parseInt(taskId, 10)) && typeof(newDescription) === 'string') {
console.error('Invalid task ID or new description is not string');
return;
}
try { try {
const res = await fetch(`/api/todos/${taskId}/description`, { const res = await fetch(`/api/todos/${taskId}/description`, {
method: 'PUT', method: 'PUT',
......
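Review bot: `parseInt(taskId, 10)` in deleteTask accepts any string that merely starts with digits (for example `'12abc'` parses as 12), while the unmodified taskId is what gets interpolated into `/api/todos/${taskId}`, so the check does not actually constrain the request path. A strict test such as `if (!/^\d+$/.test(String(taskId))) {` would close that gap; the same applies to toggleComplete and updateTask here and to the three functions in the first file. Because this code runs in the browser it is a usability guard only, and the `/api/todos` handlers, which are not visible in this commit, presumably still need to validate the ID and request body themselves.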