From df78964e72d0f9f3470f1d0bbcca53255e246a13 Mon Sep 17 00:00:00 2001
From: Sikkra <159844544+Sikkra@users.noreply.github.com>
Date: Tue, 19 May 2026 19:12:39 -0500
Subject: [PATCH] fix: harden wallet request errors
---
src/api.js | 14 ++++++++++----
src/send/send.js | 3 ++-
src/utils.js | 6 ++++++
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/api.js b/src/api.js
index 5709e1c..eb20ccc 100644
--- a/src/api.js
+++ b/src/api.js
@@ -11,12 +11,16 @@ const fetchQuery = (url, callback, fetchParams = null, errorFunc = null, callbac
let errorObj = {};
if (errorFunc) errorObj = errorFunc(responseJson);
if ( ! errorObj.title) errorObj.title = `Error in response HTTP query to: ${url}`;
- if ( ! errorObj.message) errorObj.message = responseJson.error ? responseJson.error : responseJson.message;
+ if ( ! errorObj.message) {
+ const responseError = responseJson.error ? responseJson.error : responseJson.message;
+ errorObj.message = responseError && responseError.message ? responseError.message : responseError;
+ }
+ if ( ! errorObj.html) errorObj.html = escapeHtml(errorObj.message);
const swalParams = {
showCloseButton: true,
icon: 'error',
title: errorObj.title,
- html: errorObj.message,
+ html: errorObj.html,
customClass: {
cancelButton: 'btn btn-danger btn-lg',
},
@@ -28,12 +32,14 @@ const fetchQuery = (url, callback, fetchParams = null, errorFunc = null, callbac
}
})
.catch((error) => {
- if (error == 'TypeError: Failed to fetch') error += '
Maybe it is CORS! Check please manual here.';
+ if (callbackAlways) callbackAlways();
+ let corsHelp = '';
+ if (error == 'TypeError: Failed to fetch') corsHelp = '
Maybe it is CORS! Check please manual here.';
Swal.fire({
showCloseButton: true,
icon: 'error',
title: `Error on HTTP query to: ${url}`,
- html: `
${error}
`, + html: `${escapeHtml(error)}
${corsHelp}`, customClass: { cancelButton: 'btn btn-danger btn-lg', }, diff --git a/src/send/send.js b/src/send/send.js index bdb74de..5ff18e3 100644 --- a/src/send/send.js +++ b/src/send/send.js @@ -219,9 +219,10 @@ const send = () => { } }); }, fetchParams, (responseJson) => { + const errorMessage = responseJson.error && responseJson.error.message ? responseJson.error.message : 'Unknown RPC error'; return { title: 'Error in creating a transaction!', - message: `${responseJson.error.message}
Change the parameters and try again!`, + html: `${escapeHtml(errorMessage)}
Change the parameters and try again!`, }; }, () => { $send.querySelector('fieldset').removeAttribute('disabled'); diff --git a/src/utils.js b/src/utils.js index 8755034..255f9ed 100644 --- a/src/utils.js +++ b/src/utils.js @@ -46,6 +46,12 @@ const formHandler = ($formName, callback) => { }); }; +const escapeHtml = (value) => { + const $text = document.createElement('textarea'); + $text.textContent = value == null ? '' : String(value); + return $text.innerHTML; +}; + const dataTableParams = { processing: true, renderer: 'bootstrap',