From d63a4a6f9f02d7b189834ec220b603125a5df6dd Mon Sep 17 00:00:00 2001
From: Willem
Date: Thu, 21 Jan 2016 22:17:22 +0100
Subject: [PATCH] Added input filtering and validation
---
 README.md | 18 ++++++++++++----
 es5-ff-spa-loader.js | 49 ++++++++++++++++++++++++++++++++++++++------
 2 files changed, 57 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 694b0f8..aa2febb 100644
--- a/README.md
+++ b/README.md
@@ -92,10 +92,16 @@ A javascript library providing server defined loading of assets for a single pag
 * question.title = The question ui title. (default: 'Server')
 * question.text = The question ui text. (default: 'Please provide the server name;')
 * question.style = The question ui css style.(note: pending change) (default: green border box)
- * cache.meta = The cache backend for the meta information(server.url+content), null is auto select. (default: null)
- * cache.js = The cache backend for for js, null is auto select. (default: null)
- * cache.css = The cache backend for for css, null is auto select. (default: null)
- * cache.cssData = The cache backend for for cssData, null is auto select. (default: null)
+ * question.validate.min.value = The minimal hostname length, false is disabled (default: 3)
+ * question.validate.min.message = The error message (default: 'Server name is to short.')
+ * question.validate.max.value = The maximal hostname length, false is disabled (default: 255)
+ * question.validate.max.message =The error message (default: 'Server name is to long.')
+ * question.validate.regex.value = The regex to validate the hostname, false is disabled. (default: '^([a-zA-Z0-9\.\:])*$')
+ * question.validate.regex.message = The error message (default: 'Server name is invalid.')
+ * cache.meta = The cache backend for the meta information(server.url+content), null is auto select,false is disable. (default: null)
+ * cache.js = The cache backend for for js, null is auto select,false is disable. (default: null)
+ * cache.css = The cache backend for for css, null is auto select,false is disable. (default: null)
+ * cache.cssData = The cache backend for for cssData, null is auto select,false is disable. (default: null)
 ## Factory
@@ -166,6 +172,10 @@ Add unit tests for any new or changed functionality. Lint and test your code. ### 0.1.0 * Moved options.server.question to options.question +* Added question.validate.[min|max|regex].value|message options. +* Strip question value to hostname+port before use and validating. +* Allow user upgrade to https in question input from default of transport option. + ### 0.0.4 * Added auto cache clean code diff --git a/es5-ff-spa-loader.js b/es5-ff-spa-loader.js index 2451fe2..685b3ba 100644 --- a/es5-ff-spa-loader.js +++ b/es5-ff-spa-loader.js @@ -80,7 +80,21 @@ transport: 'http://', title: 'Server', text: 'Please provide the server name;', // TODO: rename .ffAskUrl - style: '.ffAskUrl { font-size: 1em;margin: auto;width: 90%;border: 3px solid #73AD21;padding-left: 1em;padding-bottom: 1em;} .ffAskUrl > div {font-size: 0.8em;color: #ccc;} .ffAskUrl > div > * {} .ffAskUrl > div > input {} .ffAskUrlError{ color: red}', + style: '.ffAskUrl { font-size: 1em;margin: auto;width: 90%;border: 3px solid #73AD21;padding-left: 1em;padding-bottom: 1em;} .ffAskUrl > div {font-size: 0.8em;color: #ccc;} .ffAskUrl > div > * {} .ffAskUrl > div > input {} .ffAskUrlError{ color: red}', + validate: { + min: { + value: 3, + message: 'Server name is to short.' + }, + max: { + value: 255, + message: 'Server name is to long.' + }, + regex: { + value: '^([a-zA-Z0-9\.\:])*$', + message: 'Server name is invalid.' + } + } }, cache: { meta: null, 
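Review bot: The default `validate.regex.value` added to the `question` defaults has no `-` in its character class, so ordinary hostnames containing a hyphen (a constructed example: `my-server.example.com`) are rejected with 'Server name is invalid.'. The `\.` and `\:` escapes are also consumed by the string literal before `new RegExp` sees them; inside a character class that is harmless, but it reads as if it mattered. I would write `value: '^([a-zA-Z0-9.:-])*$',` and update the default documented in README.md to match. The class does keep `@` and whitespace out of the value that later becomes `options.server.url`, and a one-line comment such as `// host[:port] only: no userinfo, path or whitespace` would stop a later edit from loosening it by accident.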
@@ -583,17 +597,40 @@ var askUrlValidate = function (cb,deleteTag) { var inputTag = document.getElementById('serverInput'); var inputErrorTag = document.getElementById('serverInputError'); + var inputValueRaw = inputTag.value; while (inputErrorTag.firstChild) { inputErrorTag.removeChild(inputErrorTag.firstChild); // clear error } - options.server.url = ''; - if (inputTag.value.indexOf('http') === -1) { - options.server.url += options.question.transport; + var inputValueHost = null; + if (inputValueRaw.indexOf("://") >= 0) { + inputValueHost = inputValueRaw.split('/')[2]; + } else { + inputValueHost = inputValueRaw.split('/')[0]; + } + + if (options.question.validate.min.value !== false && inputValueHost.length < options.question.validate.min.value) { + inputErrorTag.appendChild(document.createTextNode(options.question.validate.min.message)); + return; + } + if (options.question.validate.max.value !== false && inputValueHost.length > options.question.validate.max.value) { + inputErrorTag.appendChild(document.createTextNode(options.question.validate.max.message)); + return; + } + if (options.question.validate.regex.value !== false && options.question.validate.regex.value.length !== 0) { + var regex = new RegExp(options.question.validate.regex.value); + if (inputValueHost.match(regex) === null) { + inputErrorTag.appendChild(document.createTextNode(options.question.validate.regex.message)); + return; + } + } + + if (inputValueRaw.indexOf('https') === 0) { + options.server.url = 'https://' + inputValueHost; // allow user to upgrade to https but not to downgrade to http + } else { + options.server.url = options.question.transport + inputValueHost; } - options.server.url += inputTag.value; - // TODO: auto rm ending / var resourcesUrl = options.server.url + options.server.assets; utilDebug('askUrlStart check assets '+resourcesUrl);
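Review bot: The https check near the end of the hunk, `inputValueRaw.indexOf('https') === 0`, is case-sensitive and not tied to the `://` separator, so an input such as `Https://host` (what an auto-capitalising keyboard produces) silently falls through to `options.question.transport`, whose default is `http://`. The assets URL is built from `options.server.url` on the following lines, so a user who explicitly asked for TLS ends up on a cleartext origin. I would compare case-insensitively against the full scheme, `if (inputValueRaw.toLowerCase().indexOf('https://') === 0) {`. Separately, the host extraction takes `split('/')[2]` whenever `://` occurs anywhere in the value rather than only at the start, so a value like `host/x?u=http://y` yields an empty host; testing for a leading scheme before splitting would avoid that. The body of askUrlValidate continues past the end of the hunk.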