Author: sebb
Date: Thu Jun 19 11:07:11 2025
New Revision: 1926583
URL: http://svn.apache.org/viewvc?rev=1926583&view=rev
Log:
Validate committee name
Modified:
comdev/reporter.apache.org/trunk/site/js/addrelease.js
Modified: comdev/reporter.apache.org/trunk/site/js/addrelease.js
URL:
http://svn.apache.org/viewvc/comdev/reporter.apache.org/trunk/site/js/addrelease.js?rev=1926583&r1=1926582&r2=1926583&view=diff
==============================================================================
--- comdev/reporter.apache.org/trunk/site/js/addrelease.js (original)
+++ comdev/reporter.apache.org/trunk/site/js/addrelease.js Thu Jun 19 11:07:11
2025
@@ -1,8 +1,13 @@
// location may have appended ;yyyy for debugging purposes
// limit param can be passed as query param in URL to limit # of releases
written to the page
// This URL-handling section could use clean-up
+const not_a_pmc = /[^-a-z0-9]/; // valid names are alphanumeric and '-'
(empire-db only)
var srch = document.location.search.substr(1).split(';'); // drop ? from the
search and split at semicolon
var committee = srch[0].split('&')[0]; // before the semi (if any) and amp (if
any)
+if (not_a_pmc.test(committee)) { // does name contain an invalid character?
+ alert("Not a valid committee name!");
+ committee = null;
+}
var baseyear = 1999;
if (srch.length > 1) {
baseyear = parseInt(srch[1]); // grab trailing start year
