disallow some special characters in item name/categ/desc

vguo2037 · vguo2037 · commit d0da83decede · 2022-11-10T10:15:24.000+11:00
diff --git a/src/pages/AddItem.js b/src/pages/AddItem.js
@@ -85,17 +85,38 @@ const AddItem = (props) => {
 
     let imgString = "";
 
+    const newName = e.target.newName.value;
+    const newCateg = e.target.newCateg.value;
+    const newDesc = e.target.newDesc.value != null ? e.target.newDesc.value : "";
+
     // disallow leading/trailing spaces in names & categories
-    if (/^\s/.test(e.target.newName.value) || /\s$/.test(e.target.newName.value)) {
+    if (/^\s/.test(newName) || /\s$/.test(newName)) {
       setWarning("No trailing or leading whitespaces allowed in item name.");
       setSubmitting(false);
       return;
     }
-    if (/^\s/.test(e.target.newCateg.value) || /\s$/.test(e.target.newCateg.value)) {
+    if (/^\s/.test(newCateg) || /\s$/.test(newCateg)) {
       setWarning("No trailing or leading whitespaces allowed in item category.");
       setSubmitting(false);
       return;
     }
+    
+    // disallow some special characters
+    if (/["\\/{};<>`]/.test(newName)) {
+      setWarning(`The special characters "\\/{};<>\` are not allowed in item name.`);
+      setSubmitting(false);
+      return;
+    }
+    if (/["\\/{};<>`]/.test(newCateg)) {
+      setWarning(`The special characters "\\/{};<>\` are not allowed in item category.`);
+      setSubmitting(false);
+      return;
+    }
+    if (/["\\/{};<>`]/.test(newDesc)) {
+      setWarning(`The special characters "\\/{};<>\` are not allowed in item description.`);
+      setSubmitting(false);
+      return;
+    }
 
     if (itemImg !== null) {
       imgString = await new Promise((resolve) => {
diff --git a/src/pages/ItemEdit.js b/src/pages/ItemEdit.js
@@ -90,6 +90,23 @@ const ItemEdit = (props) => {
       setSubmitting(false);
       return;
     }
+    
+    // disallow some special characters
+    if (/["\\/{};<>`]/.test(newName)) {
+      setWarning(`The special characters "\\/{};<>\` are not allowed in item name.`);
+      setSubmitting(false);
+      return;
+    }
+    if (/["\\/{};<>`]/.test(newCateg)) {
+      setWarning(`The special characters "\\/{};<>\` are not allowed in item category.`);
+      setSubmitting(false);
+      return;
+    }
+    if (/["\\/{};<>`]/.test(newDesc)) {
+      setWarning(`The special characters "\\/{};<>\` are not allowed in item description.`);
+      setSubmitting(false);
+      return;
+    }
 
     // convert any new images into base64 string
     if (itemImg !== null) {
diff --git a/src/utils/itemHelpers.js b/src/utils/itemHelpers.js
@@ -92,9 +92,9 @@ const saveItem = async (e, itemId, categList, setCategList, imgString, uid, newI
     being_loaned: false, loan_frequency: 0
   } : { _id: itemId } ;
   if (imgString !== "") formData.image_enc = imgString;
-  if (newName !== "") formData.item_name = newName.replace(/["'\\/{}<>`]/g,"");
-  if (newCateg !== "") formData.category = newCateg.replace(/["'\\/{}<>`]/g,"");
-  formData.description = newDesc.replace(/["'\\/{}<>`]/g,"");
+  if (newName !== "") formData.item_name = newName;
+  if (newCateg !== "") formData.category = newCateg;
+  formData.description = newDesc;
 
   // If new category not currently in user's available categories, put a request to user to add it
   if (formData.category !== "" && !(categList.includes(formData.category))) {
