diff --git a/www/views/addotp.html b/www/views/addotp.html
index 5474320..4a77519 100644
--- a/www/views/addotp.html
+++ b/www/views/addotp.html
@@ -55,6 +55,12 @@
navigator.notification.alert("Missing secret key.", null, "Error", 'Dismiss');
return;
}
+ key = key.toUpperCase();
+ /* Thanks to https://stackoverflow.com/a/27362880 for the regex */
+ if (!key.match(/^(?:[A-Z2-7]{8})*(?:[A-Z2-7]{2}={6}|[A-Z2-7]{4}={4}|[A-Z2-7]{5}={3}|[A-Z2-7]{7}=)?$/)) {
+ navigator.notification.alert("Secret key is not valid base32.", null, "Error", 'Dismiss');
+ return;
+ }
if (label == "") {
navigator.notification.alert("Missing label.", null, "Error", 'Dismiss');
return;
@@ -112,6 +118,14 @@
return;
}
}
+ try {
+ secret = decodeURIComponent(secret);
+ issuer = decodeURIComponent(issuer);
+ label = decodeURIComponent(label);
+ } catch (e) {
+ navigator.notification.alert("Could not decode OTP URI.", null, "Error", 'Dismiss');
+ return;
+ }
addOTP(secret, label, issuer);
}
},