Validate default response value received when creating/updating assets (
#37)

* Validate default response value received when creating/updating assets

* Showcase error on UI

* Reject promise to complete async operations. Include API tests

* Expound existing tests

* Prettify error message
WinnyTroy committed Aug 17, 2021
1 parent eb8518d commit d876c38
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions kpi/models/asset.py
@@ -1,5 +1,6 @@
# coding: utf-8
# 😬
import re
import copy
import sys
from collections import OrderedDict
@@ -395,6 +396,16 @@ def _rename_translation(self, content, _from, _to):
raise ValueError('Duplicate translation: {}'.format(_to))
_ts[_ts.index(_from)] = _to

def _contains_invalid_chars(self, content):
for row in content['survey']:
try:
if row['default'] and bool(re.search(
r'[<|>|&]', row['default'])):
raise ValidationError(
'XForm questions settings may contain malicious content')
except KeyError:
pass


class XlsExportable:
def ordered_xlsform_content(self,
@@ -701,6 +712,7 @@ def adjust_content_on_save(self):
self._autoname(self.content)
self._unlink_list_items(self.content)
self._remove_empty_expressions(self.content)
self._contains_invalid_chars(self.content)

settings = self.content['settings']
_title = settings.pop('form_title', None)
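Review bot: In `_contains_invalid_chars` (second hunk) the character class `r'[<|>|&]'` treats `|` as a literal, so a default containing a pipe is rejected along with `<`, `>` and `&`; if only the three markup characters are meant, the pattern should be `r'[<>&]'`. `re.search` raises `TypeError` if a row's `default` is ever not a string (a numeric default, for instance), and the `except KeyError` does not cover that; `default = row.get('default')` followed by `if isinstance(default, str) and re.search(r'[<>&]', default):` would handle both the missing key and the type. Because this is a denylist on one column applied at save time, it should not be relied on as the only control: the code that renders these values is not visible in this diff and still needs to escape them on output, and other survey columns are left unchecked. The error message would be easier to act on if it named the offending question, and the method name reads like a predicate although it raises instead of returning a bool.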
