From 676ee40cca12ef3a2147d6dbecf822275492404a Mon Sep 17 00:00:00 2001
From: Laurent <58115082+naaturel@users.noreply.github.com>
Date: Fri, 8 Nov 2024 15:10:31 +0100
Subject: [PATCH] Sanitize input in front-side

---
 front/.svelte-kit/ambient.d.ts                 | 4 ++--
 front/.svelte-kit/generated/server/internal.js | 2 +-
 front/src/lib/models/game.ts                   | 7 +++++++
 front/src/routes/play/+page.svelte             | 9 +++++++++
 4 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/front/.svelte-kit/ambient.d.ts b/front/.svelte-kit/ambient.d.ts
index 8b35e7c..e8f54ab 100644
--- a/front/.svelte-kit/ambient.d.ts
+++ b/front/.svelte-kit/ambient.d.ts
@@ -42,7 +42,7 @@ declare module '$env/static/private' {
 	export const DB_USER: string;
 	export const DriverData: string;
 	export const EDITOR: string;
-	export const EFC_10288: string;
+	export const EFC_25892: string;
 	export const ffmpeg: string;
 	export const FPS_BROWSER_APP_PROFILE_STRING: string;
 	export const FPS_BROWSER_USER_PROFILE_STRING: string;
@@ -150,7 +150,7 @@ declare module '$env/dynamic/private' {
 		DB_USER: string;
 		DriverData: string;
 		EDITOR: string;
-		EFC_10288: string;
+		EFC_25892: string;
 		ffmpeg: string;
 		FPS_BROWSER_APP_PROFILE_STRING: string;
 		FPS_BROWSER_USER_PROFILE_STRING: string;
diff --git a/front/.svelte-kit/generated/server/internal.js b/front/.svelte-kit/generated/server/internal.js
index 7c5c727..1e6a414 100644
--- a/front/.svelte-kit/generated/server/internal.js
+++ b/front/.svelte-kit/generated/server/internal.js
@@ -21,7 +21,7 @@ export const options = {
 		app: ({ head, body, assets, nonce, env }) => "<!doctype html>\n<html lang=\"en\">\n\t<head>\n\t\t<title>Unluckiest</title>\n\n\t\t<link rel=\"stylesheet\"\n\t\t\t  href=\"https://fonts.googleapis.com/css?family=Afacad+Flux\">\n\t\t<style>\n\t\t\tbody {\n\t\t\t\tfont-family: 'Afacad Flux', serif;\n\t\t\t\tfont-size: 48px;\n\t\t\t}\n\t\t</style>\n\n\t\t<meta charset=\"utf-8\" />\n\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, viewport-fit=cover\" />\n\n\t\t<link rel=\"stylesheet\" href=\"" + assets + "/style/app.css\" />\n\t\t<link rel=\"stylesheet\" href=\"" + assets + "/style/menu2.css\" />\n\n\t\t<link rel=\"icon\" href=\"" + assets + "/favicon.png\" />\n\n\t\t<script src=\"https://code.jquery.com/jquery-3.6.0.min.js\"></script>\n\t\t<script src=\"https://code.jquery.com/ui/1.12.1/jquery-ui.min.js\"></script>\n\n\t\t" + head + "\n\t</head>\n\n\t<body data-sveltekit-preload-data=\"hover\">\n\n\t\t<div style=\"display: contents\">" + body + "</div>\n\n\t</body>\n</html>\n",
 		error: ({ status, message }) => "<!doctype html>\n<html lang=\"en\">\n\t<head>\n\t\t<meta charset=\"utf-8\" />\n\t\t<title>" + message + "</title>\n\n\t\t<style>\n\t\t\tbody {\n\t\t\t\t--bg: white;\n\t\t\t\t--fg: #222;\n\t\t\t\t--divider: #ccc;\n\t\t\t\tbackground: var(--bg);\n\t\t\t\tcolor: var(--fg);\n\t\t\t\tfont-family:\n\t\t\t\t\tsystem-ui,\n\t\t\t\t\t-apple-system,\n\t\t\t\t\tBlinkMacSystemFont,\n\t\t\t\t\t'Segoe UI',\n\t\t\t\t\tRoboto,\n\t\t\t\t\tOxygen,\n\t\t\t\t\tUbuntu,\n\t\t\t\t\tCantarell,\n\t\t\t\t\t'Open Sans',\n\t\t\t\t\t'Helvetica Neue',\n\t\t\t\t\tsans-serif;\n\t\t\t\tdisplay: flex;\n\t\t\t\talign-items: center;\n\t\t\t\tjustify-content: center;\n\t\t\t\theight: 100vh;\n\t\t\t\tmargin: 0;\n\t\t\t}\n\n\t\t\t.error {\n\t\t\t\tdisplay: flex;\n\t\t\t\talign-items: center;\n\t\t\t\tmax-width: 32rem;\n\t\t\t\tmargin: 0 1rem;\n\t\t\t}\n\n\t\t\t.status {\n\t\t\t\tfont-weight: 200;\n\t\t\t\tfont-size: 3rem;\n\t\t\t\tline-height: 1;\n\t\t\t\tposition: relative;\n\t\t\t\ttop: -0.05rem;\n\t\t\t}\n\n\t\t\t.message {\n\t\t\t\tborder-left: 1px solid var(--divider);\n\t\t\t\tpadding: 0 0 0 1rem;\n\t\t\t\tmargin: 0 0 0 1rem;\n\t\t\t\tmin-height: 2.5rem;\n\t\t\t\tdisplay: flex;\n\t\t\t\talign-items: center;\n\t\t\t}\n\n\t\t\t.message h1 {\n\t\t\t\tfont-weight: 400;\n\t\t\t\tfont-size: 1em;\n\t\t\t\tmargin: 0;\n\t\t\t}\n\n\t\t\t@media (prefers-color-scheme: dark) {\n\t\t\t\tbody {\n\t\t\t\t\t--bg: #222;\n\t\t\t\t\t--fg: #ddd;\n\t\t\t\t\t--divider: #666;\n\t\t\t\t}\n\t\t\t}\n\t\t</style>\n\t</head>\n\t<body>\n\t\t<div class=\"error\">\n\t\t\t<span class=\"status\">" + status + "</span>\n\t\t\t<div class=\"message\">\n\t\t\t\t<h1>" + message + "</h1>\n\t\t\t</div>\n\t\t</div>\n\t</body>\n</html>\n"
 	},
-	version_hash: "18cih05"
+	version_hash: "1rt869l"
 };
 
 export async function get_hooks() {
diff --git a/front/src/lib/models/game.ts b/front/src/lib/models/game.ts
index 8dedf7c..303f87e 100644
--- a/front/src/lib/models/game.ts
+++ b/front/src/lib/models/game.ts
@@ -20,6 +20,13 @@ export class Game {
         return false;
     }
 
+    public sanitizeName() {
+        this.playerName = this.playerName
+            .trim()
+            .replace(/\s+/g, ' ')
+            .replace(/[^a-zA-Z0-9\- ]/g, '');
+    }
+
     private getRandomNumber() : number{
         let unit = Math.floor(Math.random() * (this.range + 1));
 
diff --git a/front/src/routes/play/+page.svelte b/front/src/routes/play/+page.svelte
index c7bfdf7..7792ccf 100644
--- a/front/src/routes/play/+page.svelte
+++ b/front/src/routes/play/+page.svelte
@@ -16,6 +16,7 @@
         clearTimeout(timer);
         timer = setTimeout(() => {
             try{
+                sanitize(inputValue)
                 validate(inputValue)
                 game.playerName = inputValue;
             } catch (e){
@@ -27,6 +28,7 @@
     async function roll(){
 
         try{
+            game.sanitizeName();
             validate(game.playerName)
             game.state = GameState.Running;
             game.play()
@@ -41,6 +43,13 @@
         }
     }
 
+    function sanitize(data){
+        return data
+            .trim()
+            .replace(/\s+/g, ' ')
+            .replace(/[^a-zA-Z0-9\- ]/g, '');;
+    }
+
     function validate(data){
         if(!data) throw new Error("Veuillez indiquer votre nom.");
         $scoreStore.forEach(v => {