From d434997cdabc6da0e1718b251636cabb64d1b121 Mon Sep 17 00:00:00 2001
From: Ben Kurtovic <ben.kurtovic@gmail.com>
Date: Tue, 13 May 2014 21:22:18 -0400
Subject: [PATCH] Sanity-check score values.

---
 main.js | 42 +++++++++++++++++++++++++++++-------------
 1 file changed, 29 insertions(+), 13 deletions(-)

diff --git a/main.js b/main.js
index 0a869aa..46fd3e2 100644
--- a/main.js
+++ b/main.js
@@ -3,6 +3,25 @@
 var MAX_BUCKETS = 256;
 var LOADING_IMG = '<img src="http://cdn.myanimelist.net/images/xmlhttp-loader.gif" align="center">';
 
+/* Miscellaneous functions */
+
+function get_anime_id_from_href(href) {
+    var anime_id = href.substr(href.indexOf("/anime/") + "/anime/".length);
+    if (anime_id.indexOf("/") != -1)
+        anime_id = anime_id.substr(0, anime_id.indexOf("/"));
+    return anime_id;
+}
+
+function get_scores_from_element(elem) {
+    var score_100 = parseInt(elem.val());
+    var score_10 = Math.round(score_100 / 10.);
+    if (isNaN(score_100) || score_100 < 1 || score_100 > 100) {
+        alert("Invalid score: must be an integer between 1 and 100.");
+        return null;
+    }
+    return [score_100, score_10];
+}
+
 /* Storage functions */
 
 function get_scores(anime_id, callback) {
@@ -38,8 +57,11 @@ function set_score(anime_id, score) {
 /* Event patches */
 
 function update_list_score(anime_id) {
-    var new_score_100 = $("#scoretext" + anime_id).val();
-    var new_score_10 = Math.round(new_score_100 / 10.);
+    var new_scores = get_scores_from_element($("#scoretext" + anime_id));
+    if (new_scores === null)
+        return;
+
+    var new_score_100 = new_scores[0], new_score_10 = new_scores[1];
     var payload = {id: anime_id, score: new_score_10};
 
     $("#scorebutton" + anime_id).prop("disabled", true);
@@ -53,8 +75,11 @@ function update_list_score(anime_id) {
 }
 
 function update_anime_score(anime_id, is_new) {
-    var new_score_100 = $("#myinfo_score").val();
-    var new_score_10 = Math.round(new_score_100 / 10.);
+    var new_scores = get_scores_from_element($("#myinfo_score"));
+    if (new_scores === null)
+        return;
+
+    var new_score_100 = new_scores[0], new_score_10 = new_scores[1];
     var t_id, payload = {score: new_score_10};
     payload["status"] = $("#myinfo_status").val();
     payload["epsseen"] = $("#myinfo_watchedeps").val();
@@ -160,15 +185,6 @@ function hook_anime(anime_id) {
     });
 }
 
-/* Miscellaneous functions */
-
-function get_anime_id_from_href(href) {
-    var anime_id = href.substr(href.indexOf("/anime/") + "/anime/".length);
-    if (anime_id.indexOf("/") != -1)
-        anime_id = anime_id.substr(0, anime_id.indexOf("/"));
-    return anime_id;
-}
-
 /* Main extension hook */
 
 $(document).ready(function() {