changeset 14:7d0c96408abf

restrict name
author Franklin Schmidt <fschmidt@gmail.com>
date Mon, 04 Jul 2022 17:04:14 -0600
parents 24668255cede
children 0edde02b908c
files src/login.html.luan
diffstat 1 files changed, 3 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
diff -r 24668255cede -r 7d0c96408abf src/login.html.luan
--- a/src/login.html.luan	Sun Jul 03 23:59:41 2022 -0600
+++ b/src/login.html.luan	Mon Jul 04 17:04:14 2022 -0600
@@ -2,6 +2,7 @@
 local error = Luan.error
 local String = require "luan:String.luan"
 local trim = String.trim or error()
+local matches = String.matches or error()
 local Html = require "luan:Html.luan"
 local url_encode = Html.url_encode or error()
 local Io = require "luan:Io.luan"
@@ -42,7 +43,7 @@
 				<input type="hidden" name="email" value="<%= user.email %>" >
 				<input type="hidden" name="password" value="<%= user.password %>" >
 				<label>User name for <%= user.email %></label>
-				<input type="text" name="name" value="<%= name or "" %>" autofocus required>
+				<input type="text" name="name" value="<%= name or "" %>" autofocus required pattern="[a-zA-Z0-9_-]+">
 				<input type="submit" value="Register">
 			</form>
 <%
@@ -115,7 +116,7 @@
 		end
 	else
 		name = trim(name)
-		#name > 0 or error "empty name"
+		matches( name, "^[a-zA-Z0-9_-]+$" ) or error "invalid name"
 		local error_message = nil
 		local user
 		run_in_transaction( function()