Improved Input validation

campwill · Dec 12, 2023 · 2a095cf · 2a095cf
1 parent 76f4f8a
commit 2a095cf
Showing 1 changed file with 56 additions and 12 deletions.
diff --git a/templates/index.html b/templates/index.html
@@ -23,8 +23,14 @@
           onsubmit="showLoadingScreen(); startQuoteCycle();"
         >
           <div class="input-container">
-            <h2>URL Analysis</h2><br>
-            <p>Obtain IP, server, domain, and DNS details, along with other important information, given a URL. Assess the credibility of a URL by identifying its various sources, as well as the information that appears on the website. Any full-length URL is supported.</p>
+            <h2>URL Analysis</h2>
+            <br />
+            <p>
+              Obtain IP, server, domain, and DNS details, along with other
+              important information, given a URL. Assess the credibility of a
+              URL by identifying its various sources, as well as the information
+              that appears on the website. Any full-length URL is supported.
+            </p>
 
             <label for="web_input">Enter a Website URL:</label>
 
@@ -34,24 +40,32 @@ <h2>URL Analysis</h2><br>
               id="web_input"
               placeholder="https://example.com/"
               pattern="https?:\/\/(www\.)?.+\..+"
-              style="border: 1px solid; border-radius: 4px;"
+              style="border: 1px solid; border-radius: 4px"
               required
             />
             <button type="submit">Go</button>
           </div>
         </form>
         <form action="/upload" method="post" enctype="multipart/form-data">
           <div class="input-container">
-            <h2>Exif Viewer</h2><br>
-            <p>Extract Exif data from an uploaded image. This information can contain a wide variety of information, such as camera settings, date and time information, GPS data, and other descriptive information. Note that this data can be stripped when transferred accross applications.</p>
+            <h2>Exif Viewer</h2>
+            <br />
+            <p>
+              Extract Exif data from an uploaded image. This information can
+              contain a wide variety of information, such as camera settings,
+              date and time information, GPS data, and other descriptive
+              information. Note that this data can be stripped when transferred
+              accross applications.
+            </p>
             <label for="fileToUpload">Upload an Image:</label>
             <input
               class="form-control"
               type="file"
               name="fileToUpload"
+              onchange="checkFileSize(this)"
               accept=".jpg,.jpeg,.png,.gif,.tiff"
               id="file"
-              style="border: 1px solid; border-radius: 4px;"
+              style="border: 1px solid; border-radius: 4px"
               required
             />
             <button type="analyze">Go</button>
@@ -60,16 +74,24 @@ <h2>Exif Viewer</h2><br>
 
         <form method="POST" action="/pid_tool" autocomplete="off">
           <div class="input-container">
-            <h2>Phone Lookup</h2><br>
-            <p>Recieve location, carrier, and user information associated with any phone number. Identify telecommunication provider that offer Voice over IP (VoIP) numbers, which are often used by scammers. Our phone lookup tool also supports international numbers.</p>
+            <h2>Phone Lookup</h2>
+            <br />
+            <p>
+              Recieve location, carrier, and user information associated with
+              any phone number. Identify telecommunication provider that offer
+              Voice over IP (VoIP) numbers, which are often used by scammers.
+              Our phone lookup tool also supports international numbers.
+            </p>
             <label for="phone_input">Enter a Phone Number:</label>
             <input
               type="tel"
               name="phone_input"
               id="phone_input"
               placeholder="16055551234"
               title="Please enter only numeric digits"
-              style="border: 1px solid; border-radius: 4px;"
+              style="border: 1px solid; border-radius: 4px"
+              maxlength="15"
+              pattern="[0-9]*"
               required
             />
             <button type="submit">Go</button>
@@ -79,12 +101,20 @@ <h2>Phone Lookup</h2><br>
 
       <div class="credits">
         <p>
-          OSINT Dashboard was developed by Andrew Flora, William Campbell, and Santiago Colla.<br>
-          Github: <b><a href="https://github.com/campwill/osint-dashboard" style="text-decoration: none; font-weight: bold;">OSINT Dashboard</a></b>
+          OSINT Dashboard was developed by Andrew Flora, William Campbell, and
+          Santiago Colla.<br />
+          Github:
+          <b
+            ><a
+              href="https://github.com/campwill/osint-dashboard"
+              style="text-decoration: none; font-weight: bold"
+              >OSINT Dashboard</a
+            ></b
+          >
         </p>
       </div>
     </div>
-    
+
     <div class="loading-screen" id="loadingScreen">
       <div id="quoteContainer" class="quote-container"></div>
       <div></div>
@@ -123,6 +153,20 @@ <h2>Phone Lookup</h2><br>
           clearInterval(quoteInterval);
         }, 15000);
       }
+      function checkFileSize(input) {
+        const maxFileSizeMB = 20;
+
+        if (input.files.length > 0) {
+          const fileSize = input.files[0].size;
+          const fileSizeMB = fileSize / (1024 * 1024);
+
+          if (fileSizeMB > maxFileSizeMB) {
+            alert("File size exceeds the maximum allowed size of 20 MB.");
+            input.value = "";
+          } else {
+          }
+        }
+      }
     </script>
   </body>
 </html>