From: Steinar H. Gunderson
Date: Sun, 20 Mar 2016 23:01:43 +0000 (+0100)
Subject: Make the JavaScript validate the FENs before sending them off to the server, which...
X-Git-Url: https://git.sesse.net/?p=remoteglot;a=commitdiff_plain;h=95264bb7edad2a22c3a4db6a91082389732a26c8
Make the JavaScript validate the FENs before sending them off to the server, which is not hardened.
---
diff --git a/www/js/hash-lookup.js b/www/js/hash-lookup.js
index d9499d0..9ecca53 100644
--- a/www/js/hash-lookup.js
+++ b/www/js/hash-lookup.js
@@ -7,7 +7,14 @@ var hashprobe_proto = grpc.load(PROTO_PATH).hashprobe;
 // TODO: Make destination configurable.
 var client = new hashprobe_proto.HashProbe('localhost:50051', grpc.credentials.createInsecure());
+var board = new Chess();
+
 var handle_request = function(fen, response) {
+ if (!board.validate_fen(fen).valid) {
+ response.writeHead(400, {});
+ response.end();
+ return;
+ }
 client.probe({fen: fen}, function(err, probe_response) {
 if (err) {
 response.writeHead(500, {});
@@ -20,8 +27,6 @@ var handle_request = function(fen, response) {
 exports.handle_request = handle_request;
 var handle_response = function(fen, response, probe_response) {
- var board = new Chess();
-
 var lines = {};
 var root = translate_line(board, fen, probe_response['root'], true);
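Review bot: The new guard in `handle_request` passes `fen` to `board.validate_fen()` without first checking that it is a string, so a request with a missing or repeated `fen` parameter may throw inside the validator instead of getting the 400 (the code that extracts `fen` from the request is not visible in this diff). Because the commit message says the backend is not hardened, the check should fail closed: `if (typeof fen !== 'string' || !board.validate_fen(fen).valid) {`. If `Chess` is chess.js, `validate_fen` checks the format of the FEN fields rather than whether the position is legal, so it is worth confirming that the hash-probe server tolerates well-formed but unusual positions. The `board` added at module scope is now shared by every request and by `handle_response` in the second hunk; a comment such as `// Shared across requests; relies on validate_fen() not mutating board state.` would record that assumption. The body of `handle_request` continues past the end of the hunk.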