Add functionality for anonymously adding a bug hunt with BCH-based peer-to-peer payments

Open Copilot opened this issue 3 months ago • 14 comments

Applied All Code Review Fixes

Addressed all 10 comments from the PR code review:

Changes Made:

1. URL Validation (company.py:2124)

  • Added URL parsing and validation before creating Domain
  • Validates that URL has both scheme and netloc
  • Provides clear error messages for invalid URLs

2. Email Validation (company.py:2179-2180)

  • Added Django's validate_email for proper email format validation
  • Returns user-friendly error message for invalid emails

3. Bug Hunt Name Length Validation (company.py:2208-2210)

  • Added server-side validation for 25-character limit
  • Validates before creating Hunt object

4. HTML Maxlength Attribute (anonymous_hunt.html:57)

  • Added maxlength="25" to bug hunt name input field
  • Prevents client-side input of names longer than model allows

5. BCH Address Error Handling (company.py:2190)

  • Fixed e.message to str(e) for proper ValidationError handling
  • Prevents AttributeError when validation fails

6. Missing Plan Field (company.py:2209-2221)

  • Added plan="free" field to Hunt.objects.create()
  • Prevents database integrity error

7. Import validate_bch_address (company.py:2188)

  • Added validate_bch_address to imports from website.models
  • Function now properly imported and available

8. Iterate Over valid_prizes (company.py:2224)

  • Changed loop to iterate over valid_prizes instead of prizes_data
  • Prevents creating HuntPrize objects with empty names

9. JavaScript in Separate File (anonymous_hunt.html:220-304)

  • Moved all JavaScript to /website/static/js/anonymous_hunt.js
  • Follows project guidelines for separation of concerns
  • Loaded using Django's {% static %} template tag

10. Accessibility Improvements (anonymous_hunt.html:245-259)

  • Added proper id attributes to all dynamically generated inputs
  • Added for attributes to all labels linking to inputs
  • Improved screen reader compatibility
  • Better form accessibility overall

Additional Improvements:

  • Wrapped JavaScript in IIFE for better encapsulation
  • Added DOMContentLoaded event listener for proper initialization
  • Removed inline onclick handlers in favor of event listeners
  • Added null checks in JavaScript for safer DOM manipulation

Testing:

  • ✅ All pre-commit hooks passing (isort, ruff, ruff-format, djLint)
  • ✅ Static files collected successfully
  • ✅ Migration merge created and ready to apply
  • ✅ Code follows all project guidelines
  • ✅ Pre-commit formatting issues fixed

All validation is now comprehensive and user-friendly with clear error messages.

Original prompt

This section details the original issue you should resolve

<issue_title>Allow anonymously adding a bug hunt. Payment will be made up front and bugs will need to be verified before payouts occur. This would allow anyone to open a bug hunt to a company.</issue_title> <issue_description></issue_description>

Comments on the Issue (you are @copilot in this section)

  • Fixes OWASP-BLT/BLT#1905


Copilot avatar Nov 23 '25 06:11 Copilot
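
The server-side checks listed in items 1, 3, 6 and 8 above, sketched as an added example; this is not the PR's code and it does not use Django. The names `clean_url`, `clean_name`, `valid_prizes`, `clean_hunt` and `HuntInputError` are hypothetical, and the http/https allowlist and host-name check are assumptions that go beyond the scheme-and-netloc check the description mentions.

```python
from urllib.parse import urlsplit

MAX_HUNT_NAME = 25                   # limit stated in the PR description
ALLOWED_SCHEMES = {"http", "https"}  # assumption: stricter than scheme+netloc alone


class HuntInputError(ValueError):
    """User-facing validation error (hypothetical stand-in for ValidationError)."""


def clean_url(raw):
    """Item 1: require scheme and netloc before a Domain would be created."""
    try:
        parts = urlsplit((raw or "").strip())
    except ValueError as e:  # e.g. an unterminated IPv6 literal
        raise HuntInputError(f"Invalid URL: {e}") from e
    if not parts.scheme or not parts.netloc:
        raise HuntInputError("URL must include a scheme and a host")
    if parts.scheme not in ALLOWED_SCHEMES:
        raise HuntInputError("Only http and https URLs are accepted")
    if not parts.hostname:  # netloc such as ':80' or 'user@' has no host
        raise HuntInputError("URL has no host name")
    return parts.geturl()


def clean_name(raw):
    """Item 3: enforce the 25-character limit server-side, not only via maxlength."""
    name = (raw or "").strip()
    if not name:
        raise HuntInputError("Bug hunt name is required")
    if len(name) > MAX_HUNT_NAME:
        raise HuntInputError(f"Bug hunt name must be at most {MAX_HUNT_NAME} characters")
    return name


def valid_prizes(prizes_data):
    """Item 8: drop prizes whose name is missing or blank."""
    return [p for p in prizes_data if (p.get("name") or "").strip()]


def clean_hunt(form):
    """Validate every field first, so nothing is created from a bad request."""
    return {
        "url": clean_url(form.get("url")),
        "name": clean_name(form.get("name")),
        "prizes": valid_prizes(form.get("prizes") or []),
        "plan": "free",  # item 6: plan is always set explicitly
    }
```

The `maxlength="25"` attribute from item 4 only constrains a browser form; a request sent directly to the endpoint bypasses it, which is why the length check is repeated in `clean_name`.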