Additional input validation

emarsden · Feb 20, 2024 · 2cd1f45 · 2cd1f45
1 parent f403784
commit 2cd1f45
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 5 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -13,6 +13,8 @@ crate-type = ["cdylib"]
 [dependencies]
 pssh-box = "0.1.3"
 serde = { version = "1.0", features = ["derive"] }
+url = "2.5.0"
+hex = "0.4.3"
 wasm-bindgen = { version = "0.2.91" }
 serde-wasm-bindgen = "0.6.3"
 wasm-bindgen-futures = "0.4.41"

diff --git a/src/lib.rs b/src/lib.rs
@@ -4,6 +4,7 @@ use wasm_bindgen::prelude::*;
 use wasm_bindgen::JsCast;
 use wasm_bindgen_futures::JsFuture;
 use web_sys::{Request, RequestInit, Response};
+use url::Url;
 use html_escape::encode_text;
 use pssh_box::{from_base64, from_hex, from_buffer, find_iter};
 use pssh_box::{PsshBox, PsshBoxVec, DRMKeyId, PsshData};
@@ -99,14 +100,16 @@ pub fn generate_widevine_pssh_b64(
 {
     console_error_panic_hook::set_once();
 
+    if hex::decode(content_id).is_err() {
+        return Err(PsshBoxWasmError::Parsing(String::from("content_id not in hexademical format")).into());
+    }
     let mut pssh = PsshBox::new_widevine();
     let kids: Vec<String> = serde_wasm_bindgen::from_value(kids_jsval)?;
     for kid_string in kids {
         let kid = DRMKeyId::try_from(&kid_string as &str)
             .map_err(|_| PsshBoxWasmError::InvalidKeyId(format!("{kid_string:?}")))?;
         pssh.add_key_id(kid);
     }
-    // TODO check that content_id has valid hex encoding
     if let PsshData::Widevine(ref mut pd) = pssh.pssh_data {
         pd.provider = Some(String::from(provider));
         pd.policy = Some(String::from(policy));
@@ -118,6 +121,16 @@ pub fn generate_widevine_pssh_b64(
 
 #[wasm_bindgen]
 pub async fn fetch_pssh_data(url: &str) -> Result<String, JsError> {
+    match Url::parse(url) {
+        Ok(u) => {
+            if u.scheme() != "https" {
+                return Err(PsshBoxWasmError::Parsing(String::from("URL must be HTTPS")).into());
+            }
+        },
+        Err(e) => {
+            return Err(PsshBoxWasmError::Parsing(format!("invalid URL: {e:?}")).into());
+        },
+    }
     let mut opts = RequestInit::new();
     opts.method("GET");
     let request = Request::new_with_str_and_init(&url, &opts)

diff --git a/www-zola/static/js/decode.js b/www-zola/static/js/decode.js
@@ -7,8 +7,8 @@ document.getElementById("go").addEventListener("click", function(e) {
     e.preventDefault();
     let input = document.getElementById("pssh").value.trim();
     let out = document.getElementById("output");
-    let decoded;
     try {
+        let decoded;
         if (document.getElementById("fmt_base64").checked) {
             decoded = pssh_base64_to_html(input);
         } else {

diff --git a/www-zola/static/js/fetch-init.js b/www-zola/static/js/fetch-init.js
@@ -22,3 +22,48 @@ document.getElementById("go").addEventListener("click", function(e) {
         });
     e.target.style.cursor = "auto";
 });
+
+
+// Inspired by https://oliverjam.es/articles/better-native-form-validation
+function initValidation(form) {
+    form.setAttribute("novalidate", "");
+    form.addEventListener("submit", () => {
+        if (!form.checkValidity()) {
+            event.preventDefault();
+        }
+    })
+
+    let field = document.getElementById("url");
+    field.setAttribute("aria-invalid", false);
+    const helpBox = document.createElement("small");
+    const helpId = field.id + "Helper";
+    helpBox.setAttribute("id", helpId);
+    field.setAttribute("aria-describedby", helpId);
+    field.insertAdjacentElement("afterend", helpBox);
+    field.addEventListener("invalid", () => {
+        field.setAttribute("aria-invalid", true);
+        helpBox.textContent = getMessage(field) || field.validationMessage;
+    })
+
+    field.addEventListener("blur", () => {
+        field.checkValidity();
+    })
+
+    field.addEventListener("input", () => {
+        if (field.checkValidity()) {
+            field.setAttribute("aria-invalid", false);
+            helpBox.textContent = "";
+        }
+    });
+}
+
+function getMessage(field) {
+    const validity = field.validity;
+    if (validity.valueMissing) return `Please enter your ${field.name || field.id}`;
+    if (validity.typeMismatch) return `Please enter a valid ${field.type}`;
+}
+
+document.addEventListener("DOMContentLoaded", function () {
+   const form = document.querySelector("form");
+   initValidation(form);
+})
diff --git a/www-zola/templates/base.html b/www-zola/templates/base.html
@@ -48,15 +48,15 @@
         {% else %}
           <li><h1>PSSH box tools</h1></li>
         {% endif %}
-          <li><img src="{{ config.base_url }}img/beta.svg" style="width:2em;position:relative;top:-2.4ex;" alt="">
+          <li><img src="{{ config.base_url }}img/beta.svg" style="width:2em;position:relative;top:-2.4ex;" alt=""></li>
         </ul>
       <ul>
         {% if current_path != "/decode/" %}
-        <li><a href="../decode/">Decode PSSH</a></li> |
+        <li><a href="../decode/">Decode PSSH</a> |</li>
         {% endif %}
         {% if current_path != "/generate/" %}
         <li><img src="{{ config.base_url}}img/anvil.svg" style="width:1em" alt="">
-         <a href="../generate/">Generate Widevine PSSH</a></li> |
+         <a href="../generate/">Generate Widevine PSSH</a> |</li>
         {% endif %}
         {% if current_path != "/fetch-init/" %}
         <li><a href="../fetch-init/">Fetch init segment</a></li>