fix: add sanitisation to user input
bruno-robert committed Jan 2, 2023
1 parent 3954822 commit 075c854
Showing 3 changed files with 59 additions and 7 deletions.
14 changes: 10 additions & 4 deletions index.js
Expand Up @@ -15,6 +15,12 @@ const linuxGetWindowList = path.join(__dirname, 'linux', 'getWindowList.sh')
const macGetWindowList = path.join(__dirname, 'mac', 'getWindowList.applescript')
const winGetWindowList = path.join(__dirname, 'windows', 'listOpenWindows.bat')

const sanitiseUserInput = (input) => {
let newInput = (' ' + input).slice(1)
newInput = newInput.replaceAll("'", "");
return newInput
}

/**
* Focuses the first window of the process with the PID given
* @param {integer} id PID to use to find the application window
Expand Down Expand Up @@ -63,7 +69,7 @@ const sendKeys = (id, keys, {resetFocus = false, pressEnterOnceDone = true} = {}
keys = keys.replace('"', '\\"')

if ( process.platform === 'darwin' ) {
exec(`osascript "${macFocusAndSendKeys}" ${id} "${keys}" ${resetFocus} ${pressEnterOnceDone}`, (error, stdout, stderr) => {
exec(`osascript "${macFocusAndSendKeys}" '${sanitiseUserInput(id)}' '${sanitiseUserInput(keys)}' ${resetFocus} ${pressEnterOnceDone}`, (error, stdout, stderr) => {
if (error) reject(error)
if (stderr) reject(stderr)
resolve(stdout)
Expand All @@ -76,7 +82,7 @@ const sendKeys = (id, keys, {resetFocus = false, pressEnterOnceDone = true} = {}
keys = keys + '~'
}

exec(`${winSendKeysToWindowName} "${windowTitle}" "${keys}"`, (error, stdout, stderr) => {
exec(`${winSendKeysToWindowName} '${sanitiseUserInput(windowTitle)}' '${sanitiseUserInput(keys)}'`, (error, stdout, stderr) => {
if (error) reject(error)
if (stderr) reject(stderr)
resolve(stdout)
Expand All @@ -86,7 +92,7 @@ const sendKeys = (id, keys, {resetFocus = false, pressEnterOnceDone = true} = {}
// TODO: add option to reset focus on linux
// TODO: add option to not press enter once keys have been sent
const windowID = id // although the function calls it pid, iin this case it's a windowID
exec(`${sendTextToWindowWithId} ${windowID} "${keys}"`, (error, stdout, stderr) => {
exec(`${sendTextToWindowWithId} '${sanitiseUserInput(windowID)}' '${sanitiseUserInput(keys)}'`, (error, stdout, stderr) => {
if (error) reject(error)
if (stderr) reject(stderr)
resolve(stdout)
Expand Down Expand Up @@ -199,4 +205,4 @@ module.exports = {
focusWindow: focusWindow,
sendKeys: sendKeys,
getWindowList: getWindowList,
}
}
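Review bot: On the win32 branch, `'${sanitiseUserInput(windowTitle)}' '${sanitiseUserInput(keys)}'` is effectively unquoted, because `exec` runs the command through cmd.exe there and cmd.exe does not treat single quotes as quoting characters; shell metacharacters in the title or keys are still interpreted, and the double quotes the old line had are gone. On the darwin and linux branches the single-quote wrapping holds under a POSIX shell only because `sanitiseUserInput` deletes every `'`, so an apostrophe can no longer be sent, and the unchanged `keys = keys.replace('"', '\\"')` above now puts a literal backslash inside the single-quoted string. Passing the arguments without a shell avoids both problems, e.g. `execFile('osascript', [macFocusAndSendKeys, String(id), keys, String(resetFocus), String(pressEnterOnceDone)], callback)` and likewise for the Linux script. The Windows call needs separate handling if `winSendKeysToWindowName` is a batch file like `listOpenWindows.bat`, since batch files are run by cmd.exe regardless. The hunks are truncated, so any `exec` calls in `focusWindow` or elsewhere in `sendKeys` that take caller-supplied values should be checked the same way.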
50 changes: 48 additions & 2 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "window-control",
"version": "1.4.4",
"version": "1.4.5",
"description": "Tools to manage window focus on mac, windows and linux",
"main": "index.js",
"scripts": {
