GLASGOW | May-2025 | Taras Mykytiuk | Sprint 2 | Book library

debugging/book-library/index.html

@@ -1,20 +1,17 @@
 <!DOCTYPE html>
-<html>
+<html lang="en">
   <head>
-    <title> </title>
-    <meta
-      charset="utf-8"
-      name="viewport"
-      content="width=device-width, initial-scale=1.0"
-    />
+    <title>Library</title>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
     <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
     <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script>
     <link
       rel="stylesheet"
       href="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css"
-    />
-    <link rel="stylesheet" type="text/css" href="style.css" />
+    >
+    <link rel="stylesheet" type="text/css" href="style.css">
   </head>
 
   <body>
@@ -31,42 +28,42 @@ <h1>Library</h1>
       <div class="form-group">
         <label for="title">Title:</label>
         <input
-          type="title"
+          type="text"
           class="form-control"
           id="title"
           name="title"
           required
-        />
+        >
         <label for="author">Author: </label>
         <input
-          type="author"
+          type="text"
           class="form-control"
           id="author"
           name="author"
           required
-        />
+        >
         <label for="pages">Pages:</label>
         <input
-          type="number"
+          type="text"
           class="form-control"
           id="pages"
           name="pages"
           required
-        />
+        >
         <label class="form-check-label">
           <input
             type="checkbox"
             class="form-check-input"
             id="check"
             value=""
-          />Read
+          >Read
         </label>
         <input
           type="submit"
           value="Submit"
           class="btn btn-primary"
           onclick="submit();"
-        />
+        >
       </div>
     </div>
 
@@ -93,4 +90,4 @@ <h1>Library</h1>
 
     <script src="script.js"></script>
   </body>
-</html>
+</html>

debugging/book-library/script.js

@@ -2,16 +2,15 @@ let myLibrary = [];
 
 window.addEventListener("load", function (e) {
   populateStorage();
-  render();
 });
 
 function populateStorage() {
   if (myLibrary.length == 0) {
-    let book1 = new Book("Robison Crusoe", "Daniel Defoe", "252", true);
+    let book1 = new Book("Robison Crusoe", "Daniel Defoe", Number("252"), true);
     let book2 = new Book(
       "The Old Man and the Sea",
       "Ernest Hemingway",
-      "127",
+      parseInt("127"),
       true
     );
     myLibrary.push(book1);
@@ -20,25 +19,51 @@ function populateStorage() {
   }
 }
 
-const title = document.getElementById("title");
-const author = document.getElementById("author");
-const pages = document.getElementById("pages");
-const check = document.getElementById("check");
+const bookTitleInput = document.getElementById("title");
+const bookAuthorInput = document.getElementById("author");
+const bookNumberOfPagesInput = document.getElementById("pages");
+const isBookReadCheckBox = document.getElementById("check");
+
+// Strip out HTML tags (to prevent XSS)
+function sanitizeInput(str) {
+  const div = document.createElement('div');
+  div.textContent = str;
+  return div.innerHTML;
+}
+
+// To check if pages input can be safely converted to integer
+function isValidInteger(input) {
+  return Number.isInteger(input);
+}
+// prevent accidental hexadecimal input
+function isHexadecimal(input) {
+  return /^0x[0-9a-fA-F]+$/.test(input);
+}
 
 //check the right input from forms and if its ok -> add the new book (object in array)
 //via Book function and start render function
 function submit() {
   if (
-    title.value == null ||
-    title.value == "" ||
-    pages.value == null ||
-    pages.value == ""
+    bookTitleInput.value.trim() == "" ||
+    bookAuthorInput.value.trim() == "" ||
+    bookNumberOfPagesInput.value.trim() == ""
   ) {
     alert("Please fill all fields!");
     return false;
-  } else {
-    let book = new Book(title.value, title.value, pages.value, check.checked);
-    library.push(book);
+  } else if (
+    isNaN(Number(bookNumberOfPagesInput.value.trim())) ||
+    !isValidInteger(Number(bookNumberOfPagesInput.value.trim())) ||
+    isHexadecimal(bookNumberOfPagesInput.value.trim()) ||
+    Number(bookNumberOfPagesInput.value.trim()) <= 0
+  ) {
+    alert("Invalid number of pages format!");
+    return false;
+  }  else {
+    const bookTitle = sanitizeInput(bookTitleInput.value.trim());
+    const bookAuthor = sanitizeInput(bookAuthorInput.value.trim());
+    const bookNumberOfPages = parseInt(sanitizeInput(bookNumberOfPagesInput.value.trim()), 10);
+    let book = new Book(bookTitle, bookAuthor, bookNumberOfPages, isBookReadCheckBox.checked);
+    myLibrary.push(book);
     render();
   }
 }
@@ -52,51 +77,46 @@ function Book(title, author, pages, check) {
 
 function render() {
   let table = document.getElementById("display");
-  let rowsNumber = table.rows.length;
-  //delete old table
-  for (let n = rowsNumber - 1; n > 0; n-- {
-    table.deleteRow(n);
-  }
+  let tableBody = table.querySelector("tbody");
+  tableBody.innerHTML = '';
   //insert updated row and cells
   let length = myLibrary.length;
   for (let i = 0; i < length; i++) {
-    let row = table.insertRow(1);
+    let row = tableBody.insertRow();
     let titleCell = row.insertCell(0);
     let authorCell = row.insertCell(1);
     let pagesCell = row.insertCell(2);
     let wasReadCell = row.insertCell(3);
     let deleteCell = row.insertCell(4);
-    titleCell.innerHTML = myLibrary[i].title;
-    authorCell.innerHTML = myLibrary[i].author;
-    pagesCell.innerHTML = myLibrary[i].pages;
+    titleCell.textContent = myLibrary[i].title;
+    authorCell.textContent = myLibrary[i].author;
+    pagesCell.textContent = myLibrary[i].pages;
 
     //add and wait for action for read/unread button
-    let changeBut = document.createElement("button");
-    changeBut.id = i;
-    changeBut.className = "btn btn-success";
-    wasReadCell.appendChild(changeBut);
+    let changeReadStatusButton = document.createElement("button");
+    changeReadStatusButton.className = "btn btn-success";
+    wasReadCell.appendChild(changeReadStatusButton);
     let readStatus = "";
     if (myLibrary[i].check == false) {
-      readStatus = "Yes";
-    } else {
       readStatus = "No";
+    } else {
+      readStatus = "Yes";
     }
-    changeBut.innerText = readStatus;
+    changeReadStatusButton.innerText = readStatus;
 
-    changeBut.addEventListener("click", function () {
+    changeReadStatusButton.addEventListener("click", function () {
       myLibrary[i].check = !myLibrary[i].check;
       render();
     });
 
     //add delete button to every row and render again
-    let delButton = document.createElement("button");
-    delBut.id = i + 5;
-    deleteCell.appendChild(delBut);
-    delBut.className = "btn btn-warning";
-    delBut.innerHTML = "Delete";
-    delBut.addEventListener("clicks", function () {
-      alert(`You've deleted title: ${myLibrary[i].title}`);
+    let deleteBookButton = document.createElement("button");
+    deleteCell.appendChild(deleteBookButton);
+    deleteBookButton.className = "btn btn-warning";
+    deleteBookButton.innerHTML = "Delete";
+    deleteBookButton.addEventListener("click", function () {
       myLibrary.splice(i, 1);
+      alert(`You've deleted title: ${myLibrary[i].title}`);
       render();
     });
   }