Badgerati
Server side changed-data validation
-
Symptoms when a user simply modify page elements, Pode.Web controls (such as button) that rely on the element's data will invoke script with the modified data
-
Expected behavior/Feature request/Advice request a reliable and easy method to be able to make sure client-side user modifications will not impact executed script
-
Versions: Pode 2.6.2 Pode.Web 0.8.0
-
SampleCode to reproduce: The below code simply shows Running services, with a button that disables the corresponding service:
Import-Module Pode -Force
Import-Module Pode.Web -Force
Start-PodeServer -Threads 2 {
# add a simple endpoint
Add-PodeEndpoint -Address localhost -Port 8090 -Protocol Http
New-PodeLoggingMethod -Terminal | Enable-PodeErrorLogging
# set the use of templates, and set a login page
Use-PodeWebTemplates -Title 'Tables' -Theme Dark
# set the home page controls
$card1 = New-PodeWebCard -Name 'Services' -Content @(
New-PodeWebContainer -Content @(
New-PodeWebTable -Name 'Services' -DataColumn Name -ScriptBlock {
Get-Service | Where-Object Status -eq 'Running' | Select-Object `
Name, @{N = 'Stop'; E = { (New-PodeWebButton -Name 'Stop' -Colour Cyan -Outline -ScriptBlock {
Stop-Service $WebEvent.Data.Value -Force -Verbose
}
)
}
}
} `
-Columns @(
Initialize-PodeWebTableColumn -Key Name -Alignment Left -Icon Clock
)
)
)
Set-PodeWebHomePage -Layouts $card1 -Title 'Tables'
}
When editing the pode-data-value for the DnsClientCache service and replace it with BITS, the stop button will stop the BITS service
Editing the item in Chrome's DevTools
Verbose logging on terminal shows the manipulation caused service stop on BITS instead of DNSClientCache
I'm honestly not too sure how to achieve solving this one! 😅
If anyone's tackled something like this before, or has suggestions, I'm all ears!
