From e58b556f66a79744c88d6a130aff0b92bb5d014f Mon Sep 17 00:00:00 2001 From: Marcin Kurczewski Date: Mon, 29 Sep 2014 19:42:13 +0200 Subject: [PATCH] Added client-side protection against long tags --- TODO | 2 -- public_html/js/Controls/TagInput.js | 22 +++++++++++++++++----- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/TODO b/TODO index 645a2333..9066f9e5 100644 --- a/TODO +++ b/TODO @@ -111,8 +111,6 @@ miscellaneous: - endless pager should include information about page number - add hotkeys for focusing items in top navigation - add ability to select tags text in tag input - - pasting tags should have protection against very long clipboard content - - add protection against ridiculously long tag names - add customizable favicon - add customizable logo - add log engine and log everything that should be logged diff --git a/public_html/js/Controls/TagInput.js b/public_html/js/Controls/TagInput.js index 3b22a6ba..62259645 100644 --- a/public_html/js/Controls/TagInput.js +++ b/public_html/js/Controls/TagInput.js @@ -67,15 +67,17 @@ App.Controls.TagInput = function( } else { pastedText = (e.originalEvent || e).clipboardData.getData('text/plain'); } - pasteText(pastedText); - }); - function pasteText(pastedText) { + if (pastedText.length > 200) { + window.alert('Pasted text is too long.'); + return; + } + var pastedTags = pastedText.split(/\s+/); var lastTag = pastedTags.pop(); _.map(pastedTags, addTag); $input.val(lastTag); - } + }); $input.unbind('keydown').bind('keydown', function(e) { if (_.contains(inputConfirmKeys, e.which) && !$input.val()) { @@ -86,8 +88,8 @@ App.Controls.TagInput = function( } else if (_.contains(tagConfirmKeys, e.which)) { var tag = $input.val(); e.preventDefault(); - addTag(tag); $input.val(''); + addTag(tag); } else if (e.which === KEY_BACKSPACE && jQuery(this).val().length === 0) { e.preventDefault(); removeLastTag(); 
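Review bot: The 200-character check added to the paste handler, like the 64-character check in the last hunk, runs only in the browser, so a request that does not come through this control is not limited by either; nothing in this patch shows the server enforcing the same bounds, and that should be confirmed before the two TODO entries are treated as done. The check also measures the whole clipboard string rather than each token, and `200` is a bare literal; a named value such as `var MAX_PASTE_LENGTH = 200;` with a comment tying it to the server-side limit would keep the two from drifting apart. The handler starts above the hunk, so it is not visible whether `e.preventDefault()` has already run before the early `return`; if it has not, the browser's default paste would still place the long text in the input.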
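Review bot: In the tag-confirm branch of the keydown handler the input is cleared unconditionally, so a tag that the new length check refuses is thrown away and the user has to retype it rather than shorten it. Restoring the text on refusal, for example by having the tag-adding function report success and calling `$input.val(tag);` when it does not, would avoid that. The swap of `$input.val('')` and `addTag(tag)` also has no stated reason; if it exists because of the deferred alert, a comment like `// clear before addTag: it may schedule an alert` would record it. The handler begins and ends outside the hunk.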
@@ -99,6 +101,16 @@ App.Controls.TagInput = function( if (tag.length === 0) { return; } + + if (tag.length > 64) { + //showing alert inside keydown event leads to mysterious behaviors + //in some browsers, hence the timeout + window.setTimeout(function() { + window.alert('Tag is too long.'); + }, 10); + return; + } + var oldTags = getTags(); if (_.contains(_.map(oldTags, function(tag) { return tag.toLowerCase(); }), tag.toLowerCase())) { flashTag(tag);
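Review bot: The new length check uses two unexplained literals, `64` and the `10` ms delay, and the alert does not tell the user what the limit is; a named constant such as `var MAX_TAG_LENGTH = 64;` reused in the message (`'Tag is too long (max ' + MAX_TAG_LENGTH + ' characters).'`) would cover both. `tag.length` counts UTF-16 code units, so if the server measures bytes or code points the two sides can disagree on non-ASCII tags; the server's rule is not visible here and is worth checking. Because the paste handler passes every token through this function via `_.map(pastedTags, addTag)`, a single paste with several oversized tokens queues one alert per token. The enclosing function starts above the hunk and continues past its end.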