Add client side handling for too long inputs #10
Conversation
schmijos
left a comment
schmijos
left a comment
There was a problem hiding this comment.
Thank you very much! Let's talk about this in person. I think, the rendered error json could enable generic error messages with less code.
schmijos
left a comment
schmijos
left a comment
There was a problem hiding this comment.
I'd like to show all error messages the backend is able to produce so please move the if-statement to the backend.
| return; | ||
| } | ||
| hideError(); | ||
| const { url } = await storeRemotely(ciphertext, expiresInSeconds()); |
There was a problem hiding this comment.
I'd rather expect an error to be shown as aftermath caused by this fetch call.
| </section> | ||
|
|
||
| <section id="error-container" style="display: none"> | ||
| <p id="error"></p> |
| async function encryptAndStore() { | ||
| const { key, ciphertext } = await encryptLocally(plaintext()); | ||
| const isInputTooLong = to_base64(ciphertext).length > <%= max_ciphertext_length %>; |
There was a problem hiding this comment.
My long-term design goal is to move away from ecr-templates but using HTML only. You're going into another direction. Please move this test into the backend. Security relevance is low and you can steer it globally then. Also you can simply show the backend error message for all messages generically.
2 participants
Now the length of the encrypted inputs gets checked and if it is longer than the (in the backend) set maximum the request doesn't get sent and an error is displayed. Fixes #4