allow aliases in tracker and prevent them from causing html/js/database "stuff"

Though technically they can still do unicode "stuff"
2020-06-24 13:29:40 +02:00 · 2020-06-24 13:29:40 +02:00 · 38fe292acb
parent f72f344860
commit 38fe292acb
3 changed files with 12 additions and 5 deletions
--- a/MultiClient.py
+++ b/MultiClient.py
@ -443,7 +443,7 @@ async def get_snes_devices(ctx: Context):


 async def snes_connect(ctx: Context, address):
-    if ctx.snes_socket is not None:
+    if ctx.snes_socket is not None and ctx.snes_state == SNES_CONNECTED:
        ctx.ui_node.log_error('Already connected to snes')
        return

--- a/WebHost/templates/tracker.html
+++ b/WebHost/templates/tracker.html
@ -8,18 +8,22 @@
            src="https://cdn.datatables.net/v/bs4/jq-3.3.1/dt-1.10.21/fh-3.1.7/datatables.min.js"></script>
    <script>
        $(document).ready(function () {
-            $(".table").DataTable({
+            var tables = $(".table").DataTable({
                "paging": false,
                "ordering": true,
                "info": false,
                "fixedHeader": true,
                "dom": "t"
            });
+            $('#searchbox').keyup(function () {
+                tables.search($(this).val()).draw();
+            })
        })
    </script>
    <link rel="stylesheet" type="text/css" href="{{ url_for('static', filename="static.css") }}"/>
 {% endblock %}
 {% block body %}
+    <input id="searchbox" class="form-control" type="text" placeholder="Search">
    {% for team, players in inventory.items() %}
        <table class="table table-striped table-bordered table-hover table-sm">
            <thead class="thead-dark">
@ -30,9 +34,9 @@
                    {% if name in icons %}
                        <th style="text-align: center"><img height="32" width="32" style="object-fit: contain"
                                                            src="{{ icons[name] }}"
-                                                            alt="{{ name }}"></th>
+                                                            alt="{{ name|e }}"></th>
                    {% else %}
-                        <th>{{ name }}</th>
+                        <th>{{ name|e }}</th>
                    {% endif %}
                {% endfor %}
            </tr>
@ -78,7 +82,7 @@
            {% for player, checks in players.items() %}
                <tr>
                    <td class="table-info">{{ loop.index }}</td>
-                    <td class="table-info">{{ player_names[(team, loop.index)] }}</td>
+                    <td class="table-info">{{ player_names[(team, loop.index)]|e }}</td>
                    {% for area in ordered_areas %}
                        {% set checks_done = checks[area] %}
                        {% set checks_total = checks_in_area[area] %}
--- a/WebHost/tracker.py
+++ b/WebHost/tracker.py
@ -188,6 +188,7 @@ def get_tracker(room: int):
                attribute_item(inventory, team, recipient, item)
                checks_done[team][player][location_to_area[location]] += 1
                checks_done[team][player]["Total"] += 1
+
        for (team, player), game_state in room.multisave.get("client_game_state", []):
            if game_state:
                inventory[team][player][106] = 1  # Triforce
@ -200,6 +201,8 @@ def get_tracker(room: int):
        for team, names in enumerate(multidata['names']):
            for player, name in enumerate(names, 1):
                player_names[(team, player)] = name
+        for (team, player), alias in room.multisave.get("name_aliases", []):
+            player_names[team, player] = alias

        return render_template("tracker.html", inventory=inventory, get_item_name_from_id=get_item_name_from_id,
                               lookup_id_to_name=Items.lookup_id_to_name, player_names=player_names,