From a9173f672d03d5678de7f3c58177933d208bec5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?luis=CE=B4=CE=BC?= <luis.dedios@kaleidos.net>
Date: Fri, 23 May 2025 12:08:39 +0200
Subject: [PATCH] :bug: Sanitize inputs for variant property names and values
 (#6532)

---
 .../ui/workspace/sidebar/options/menus/component.cljs     | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/frontend/src/app/main/ui/workspace/sidebar/options/menus/component.cljs b/frontend/src/app/main/ui/workspace/sidebar/options/menus/component.cljs
index 6bb5274dd..a1dcb8ddb 100644
--- a/frontend/src/app/main/ui/workspace/sidebar/options/menus/component.cljs
+++ b/frontend/src/app/main/ui/workspace/sidebar/options/menus/component.cljs
@@ -286,7 +286,8 @@
         (mf/use-fn
          (mf/deps component-ids)
          (fn [pos value]
-           (let [value (if (= value empty-indicator) "" value)]
+           (let [value (str/trim value)
+                 value (if (= value empty-indicator) "" value)]
              (doseq [id component-ids]
                (st/emit! (dwv/update-property-value id pos value))
                (st/emit! (dwv/update-error id nil))))))
@@ -295,11 +296,12 @@
         (mf/use-fn
          (mf/deps variant-id)
          (fn [event]
-           (let [value (dom/get-target-val event)
+           (let [value (str/trim (dom/get-target-val event))
                  pos   (-> (dom/get-current-target event)
                            (dom/get-data "position")
                            int)]
-             (st/emit! (dwv/update-property-name variant-id pos value)))))]
+             (when (seq value)
+               (st/emit! (dwv/update-property-name variant-id pos value))))))]
 
     [:*
      [:div {:class (stl/css :variant-property-list)}