From 610871c61b313cc84331892fb2a16c42dcb8730a Mon Sep 17 00:00:00 2001
From: Chris Wilson
Date: Sun, 25 Jul 2021 15:49:51 -0400
Subject: [PATCH] Template gameName into player-settings as a data attribute to avoid potential security risks.
---
 WebHostLib/__init__.py | 2 +-
 WebHostLib/static/assets/player-settings.js | 5 ++---
 WebHostLib/templates/player-settings.html | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/WebHostLib/__init__.py b/WebHostLib/__init__.py
index 2466108f..2cf8e923 100644
--- a/WebHostLib/__init__.py
+++ b/WebHostLib/__init__.py
@@ -106,7 +106,7 @@ games_list = {
 # Player settings pages
 @app.route('/games//player-settings')
 def player_settings(game):
- return render_template(f"player-settings.html")
+ return render_template(f"player-settings.html", game=game)
 # Game sub-pages
diff --git a/WebHostLib/static/assets/player-settings.js b/WebHostLib/static/assets/player-settings.js
index b1b21225..45c577fe 100644
--- a/WebHostLib/static/assets/player-settings.js
+++ b/WebHostLib/static/assets/player-settings.js
@@ -1,8 +1,7 @@
 let gameName = null;
 window.addEventListener('load', () => {
- const urlMatches = window.location.href.match(/^.*\/(.*)\/player-settings/);
- gameName = decodeURIComponent(urlMatches[1]);
+ gameName = document.getElementById('player-settings').getAttribute('data-game');
 // Update game name on page
 document.getElementById('game-name').innerHTML = gameName;
@@ -25,7 +24,7 @@ window.addEventListener('load', () => {
 nameInput.value = playerSettings.name;
 }).catch((error) => {
 const url = new URL(window.location.href);
- window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`);
+ // window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`);
 })
 });
diff --git a/WebHostLib/templates/player-settings.html b/WebHostLib/templates/player-settings.html
index 2b851138..25e343fa 100644
--- a/WebHostLib/templates/player-settings.html
+++ b/WebHostLib/templates/player-settings.html
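Review bot: `player_settings` passes the `game` path segment to the template without checking that it names a known game, so any string placed in the URL is rendered into the page. Template autoescaping only protects the HTML context while the value sits inside a quoted attribute, and it does not constrain what client-side code later does with the value. Presumably `games_list` (named in the hunk header) holds the valid names; if so, add `if game not in games_list: abort(404)` before the `render_template` call, assuming `abort` is imported in this module. The `f` prefix on `f"player-settings.html"` has no placeholders and can be dropped.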
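Review bot: The context line `document.getElementById('game-name').innerHTML = gameName;` still parses the game name as markup, so reading the name from `data-game` instead of the URL does not remove the injection sink. `getAttribute` returns the attribute's decoded value, and per the `__init__.py` hunk that value is the unvalidated `game` route parameter, so any escaping applied when the attribute was templated is undone before the assignment. Change the assignment to `document.getElementById('game-name').textContent = gameName;`. The load handler continues outside this hunk.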
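Review bot: Commenting out the redirect leaves the `.catch` handler with nothing but the unused `const url`, so a failed settings load is now swallowed silently and the page stays up, presumably also for a game name that does not exist. This looks like a debugging leftover, since the commit message does not mention it. Either restore the redirect or delete both lines and surface the failure, at minimum with `console.error(error);` and a visible message to the user. The promise chain begins outside this hunk.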
@@ -10,7 +10,7 @@ {% block body %} {% include 'header/grassHeader.html' %} -
+

Player Settings

Choose the options you would like to play with! You may generate a single-player game from this page,