improved host input sanitizing

Author: natankeddem

bale/drawer.py

@@ -1,3 +1,4 @@
+from typing import Optional
 from nicegui import ui  # type: ignore
 from bale import elements as el
 from bale.tabs import Tab
@@ -97,8 +98,12 @@ async def send_key():
         with ui.dialog() as host_dialog, el.Card():
             with el.DBody(height="[560px]", width="[360px]"):
                 with el.WColumn():
-                    host_input = el.DInput(label="Host", value=" ")
-                    hostname_input = el.DInput(label="Hostname", value=" ")
+                    all_hosts = list(ssh.get_hosts())
+                    if name != "":
+                        if name in all_hosts:
+                            all_hosts.remove(name)
+                    host_input = el.VInput(label="Host", value=" ", invalid_characters="""'`"$\\;&<>|(){} """, invalid_values=all_hosts, max_length=20)
+                    hostname_input = el.VInput(label="Hostname", value=" ", invalid_characters="""!@#$%^&*'`"\\/:;<>|(){}=+[],? """)
                     username_input = el.DInput(label="Username", value=" ")
                     save_em = el.ErrorAggregator(host_input, hostname_input, username_input)
                     with el.Card() as c:

bale/elements.py

@@ -131,6 +131,52 @@ def __init__(
             self.value = ""
 
 
+class VInput(ui.input):
+    def __init__(
+        self,
+        label: str | None = None,
+        *,
+        placeholder: str | None = None,
+        value: str = " ",
+        password: bool = False,
+        password_toggle_button: bool = False,
+        on_change: Callable[..., Any] | None = None,
+        autocomplete: List[str] | None = None,
+        invalid_characters: str = "",
+        invalid_values: List[str] = [],
+        max_length: int = 64,
+        check: Callable[..., Any] | None = None,
+    ) -> None:
+        def checks(value: str) -> bool:
+            if value is None or value == "" or len(value) > max_length:
+                return False
+            for invalid_character in invalid_characters:
+                if invalid_character in value:
+                    return False
+            for invalid_value in invalid_values:
+                if invalid_value == value:
+                    return False
+            if check is not None:
+                check_status = check(value)
+                if check_status is not None:
+                    return check_status
+            return True
+
+        super().__init__(
+            label,
+            placeholder=placeholder,
+            value=value,
+            password=password,
+            password_toggle_button=password_toggle_button,
+            on_change=on_change,
+            autocomplete=autocomplete,
+            validation={"": lambda value: checks(value)},
+        )
+        self.tailwind.width("full")
+        if value == " ":
+            self.value = ""
+
+
 class FInput(ui.input):
     def __init__(
         self,