feat(book-library): improve security and persistence

- Implement LocalStorage for data persistence
- Use textContent to prevent XSS attacks
- Remove inline event handlers
- Update colours and responsive styling

Author: Tarawally

debugging/book-library/index.html

@@ -31,15 +31,15 @@ <h1>Library</h1>
       <div class="form-group">
         <label for="title">Title:</label>
         <input
-          type="title"
+          type="text"
           class="form-control"
           id="title"
           name="title"
           required
         />
         <label for="author">Author: </label>
         <input
-          type="author"
+          type="text"
           class="form-control"
           id="author"
           name="author"
@@ -64,32 +64,26 @@ <h1>Library</h1>
         <input
           type="submit"
           value="Submit"
-          class="btn btn-primary"
-          onclick="submit();"
+          class="btn btn-primary btn-block"
+          id="submit-book-btn"
         />
       </div>
     </div>
 
-    <table class="table" id="display">
-      <thead class="thead-dark">
-        <tr>
-          <th>Title</th>
-          <th>Author</th>
-          <th>Number of Pages</th>
-          <th>Read</th>
-          <th></th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td></td>
-          <td></td>
-          <td></td>
-          <td></td>
-          <td></td>
-        </tr>
-      </tbody>
-    </table>
+    <div class="table-responsive">
+      <table class="table table-hover" id="display">
+        <thead class="thead-dark">
+          <tr>
+            <th>Title</th>
+            <th>Author</th>
+            <th>Number of Pages</th>
+            <th>Read</th>
+            <th></th>
+          </tr>
+        </thead>
+        <tbody></tbody>
+      </table>
+    </div>
 
     <script src="script.js"></script>
   </body>

debugging/book-library/script.js

@@ -1,12 +1,25 @@
+const title = document.getElementById("title");
+const author = document.getElementById("author");
+const pages = document.getElementById("pages");
+const check = document.getElementById("check");
+const table = document.getElementById("display");
+const submitBtn = document.getElementById("submit-book-btn");
+
 let myLibrary = [];
 
-window.addEventListener("load", function (e) {
+window.addEventListener("load", function () {
   populateStorage();
   render();
 });
 
+submitBtn.addEventListener("click", addBook);
+
 function populateStorage() {
-  if (myLibrary.length == 0) {
+  const storedLibrary = localStorage.getItem("myLibrary");
+  if (storedLibrary) {
+    myLibrary = JSON.parse(storedLibrary);
+  } else {
+    // Default books if nothing in storage
     let book1 = new Book("Robison Crusoe", "Daniel Defoe", "252", true);
     let book2 = new Book(
       "The Old Man and the Sea",
@@ -16,30 +29,35 @@ function populateStorage() {
     );
     myLibrary.push(book1);
     myLibrary.push(book2);
-    render();
+    saveStorage();
   }
 }
 
-const title = document.getElementById("title");
-const author = document.getElementById("author");
-const pages = document.getElementById("pages");
-const check = document.getElementById("check");
+function saveStorage() {
+  localStorage.setItem("myLibrary", JSON.stringify(myLibrary));
+}
 
 //check the right input from forms and if its ok -> add the new book (object in array)
 //via Book function and start render function
-function submit() {
-  if (
-    title.value == null ||
-    title.value == "" ||
-    pages.value == null ||
-    pages.value == ""
-  ) {
+function addBook(e) {
+  // Prevent form submission if we wrap this in a form later,
+  // though currently it's just a button. Good practice.
+  if (e) e.preventDefault();
+
+  if (!title.value || !author.value || !pages.value) {
     alert("Please fill all fields!");
     return false;
   } else {
-    let book = new Book(title.value, title.value, pages.value, check.checked);
-    library.push(book);
+    let book = new Book(title.value, author.value, pages.value, check.checked);
+    myLibrary.push(book);
+    saveStorage();
     render();
+
+    // Clear inputs
+    title.value = "";
+    author.value = "";
+    pages.value = "";
+    check.checked = false;
   }
 }
 
@@ -51,53 +69,59 @@ function Book(title, author, pages, check) {
 }
 
 function render() {
-  let table = document.getElementById("display");
   let rowsNumber = table.rows.length;
   //delete old table
-  for (let n = rowsNumber - 1; n > 0; n-- {
+  for (let n = rowsNumber - 1; n > 0; n--) {
     table.deleteRow(n);
   }
   //insert updated row and cells
   let length = myLibrary.length;
   for (let i = 0; i < length; i++) {
-    let row = table.insertRow(1);
+    // Insert at the end of the table
+    let row = table.insertRow(-1);
     let titleCell = row.insertCell(0);
     let authorCell = row.insertCell(1);
     let pagesCell = row.insertCell(2);
     let wasReadCell = row.insertCell(3);
     let deleteCell = row.insertCell(4);
-    titleCell.innerHTML = myLibrary[i].title;
-    authorCell.innerHTML = myLibrary[i].author;
-    pagesCell.innerHTML = myLibrary[i].pages;
+
+    // SECURITY: Use textContent to prevent XSS
+    titleCell.textContent = myLibrary[i].title;
+    authorCell.textContent = myLibrary[i].author;
+    pagesCell.textContent = myLibrary[i].pages;
 
     //add and wait for action for read/unread button
     let changeBut = document.createElement("button");
-    changeBut.id = i;
+    // Removed arbitrary index-based ID
     changeBut.className = "btn btn-success";
     wasReadCell.appendChild(changeBut);
+
     let readStatus = "";
     if (myLibrary[i].check == false) {
-      readStatus = "Yes";
-    } else {
       readStatus = "No";
+    } else {
+      readStatus = "Yes";
     }
-    changeBut.innerText = readStatus;
+    changeBut.textContent = readStatus;
 
     changeBut.addEventListener("click", function () {
       myLibrary[i].check = !myLibrary[i].check;
+      saveStorage();
       render();
     });
 
     //add delete button to every row and render again
     let delButton = document.createElement("button");
-    delBut.id = i + 5;
-    deleteCell.appendChild(delBut);
-    delBut.className = "btn btn-warning";
-    delBut.innerHTML = "Delete";
-    delBut.addEventListener("clicks", function () {
-      alert(`You've deleted title: ${myLibrary[i].title}`);
-      myLibrary.splice(i, 1);
-      render();
+    // Removed arbitrary index-based ID
+    deleteCell.appendChild(delButton);
+    delButton.className = "btn btn-warning";
+    delButton.textContent = "Delete";
+    delButton.addEventListener("click", function () {
+      if (confirm(`Are you sure you want to delete: ${myLibrary[i].title}?`)) {
+        myLibrary.splice(i, 1);
+        saveStorage();
+        render();
+      }
     });
   }
 }

debugging/book-library/style.css

@@ -1,19 +1,132 @@
-.form-group {
-  width: 400px;
-  height: 300px;
-  align-self: left;
-  padding-left: 20px;
+/* Google Fonts */
+@import url("https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap");
+
+body {
+  font-family: "Roboto", sans-serif;
+  background-color: #f8f9fa;
+  color: #333;
 }
 
+.jumbotron {
+  background-color: #343a40;
+  color: white;
+  padding: 2rem 1rem;
+  margin-bottom: 2rem;
+  border-radius: 0;
+}
+
+.jumbotron h1 {
+  font-weight: 700;
+}
+
+/* Button Styling */
 .btn {
-  display: block;
+  border-radius: 20px;
+  padding: 8px 20px;
+  font-weight: 500;
+  transition: all 0.3s ease;
+}
+
+.btn-info {
+  background-color: #17a2b8;
+  border-color: #17a2b8;
+  color: white;
+}
+
+.btn-info:hover {
+  background-color: #138496;
+  border-color: #117a8b;
+  transform: translateY(-2px);
+  box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+}
+
+/* Form Styling */
+#demo.collapse.show {
+  display: flex;
+  justify-content: center;
+  margin-bottom: 20px;
+}
+
+.form-group {
+  background: white;
+  padding: 2rem;
+  border-radius: 8px;
+  box-shadow: 0 4px 6px rgba(0, 0, 0, 0.05);
+  width: 100%;
+  max-width: 500px;
+  margin: 0 auto;
+}
+
+.form-control {
+  border-radius: 5px;
+  border: 1px solid #ced4da;
+  padding: 10px;
+}
+
+.form-control:focus {
+  box-shadow: 0 0 0 0.2rem rgba(23, 162, 184, 0.25);
+  border-color: #17a2b8;
+}
+
+label {
+  font-weight: 500;
+  margin-top: 10px;
 }
 
 .form-check-label {
-  padding-left: 20px;
-  margin: 5px 0px 5px 0px;
+  display: flex;
+  align-items: center;
+  margin: 15px 0;
+  cursor: pointer;
 }
 
-button.btn-info {
-  margin: 20px;
+.form-check-input {
+  margin-right: 10px;
+  margin-top: 0;
+}
+
+/* Table Styling */
+.table-responsive {
+  margin-top: 20px;
+  padding: 0 15px;
+}
+
+.table {
+  background: white;
+  border-radius: 8px;
+  overflow: hidden;
+  box-shadow: 0 4px 6px rgba(0, 0, 0, 0.05);
+}
+
+.thead-dark th {
+  background-color: #343a40;
+  border-color: #454d55;
+  color: white;
+}
+
+.table td,
+.table th {
+  vertical-align: middle;
+}
+
+/* Responsive Adjustments */
+@media (max-width: 576px) {
+  .jumbotron {
+    padding: 1.5rem 1rem;
+  }
+
+  .btn {
+    width: 100%;
+    margin-bottom: 10px;
+  }
+
+  .form-group {
+    padding: 1rem;
+  }
+
+  button.btn-info {
+    margin: 10px auto;
+    display: block;
+    width: 90%;
+  }
 }