wagtail-enap-designsystem 1.2.1.197__py3-none-any.whl → 1.2.1.198__py3-none-any.whl

enap_designsystem/blocks/form.py

@@ -2081,7 +2081,7 @@ class FormularioPage(Page):
         return conditional_data
 
 
-    # SUBSTITUIR também o método get_context para incluir os dados condicionais corretos
+    # dados condicionais 
 
     def get_context(self, request, *args, **kwargs):
         """Adiciona contexto personalizado - VERSÃO CORRIGIDA"""
@@ -2131,7 +2131,7 @@ class FormularioPage(Page):
                     if not self.should_process_conditional_field(block, form_data, request):
                         continue
                 
-                # NOVA VALIDAÇÃO DE SEGURANÇA - APLICAR A TODOS OS CAMPOS DE TEXTO
+                # VALIDAÇÃO DE SEGURANÇA - APLICAR A TODOS OS CAMPOS DE TEXTO
                 if isinstance(value, str) and value.strip():
                     try:
                         if block.block_type == 'email_field':

enap_designsystem/blocks/security.py

@@ -57,4 +57,5 @@ def validate_email_field(value):
             raise ValidationError(
                 _('Email contém comandos não permitidos.'),
                 code='sql_command_in_email'
-            )
+            )
+            

enap_designsystem/templates/enap_designsystem/form_templates/formulario_page.html

@@ -2091,17 +2091,29 @@ function getFileIcon(filename) {
     function cleanInput(input, originalValue) {
         let cleanValue = originalValue;
         
-        // 1. Primeiro remover caracteres especiais
+        // 1. Identificar o tipo de campo
         const fieldName = (input.name || input.id || '').toLowerCase();
         const isEmailField = fieldName.includes('email') || input.type === 'email';
+        const isTextareaField = input.tagName.toLowerCase() === 'textarea' || fieldName.includes('textarea_field');
         
+        // 2. Aplicar limpeza específica para cada tipo de campo
         if (isEmailField) {
+            // Para campos de email, permitir @ e pontos
             cleanValue = originalValue.replace(/[^a-zA-Z0-9@.\-_]/g, '');
+        } else if (isTextareaField) {
+            // Para campos textarea, permitir mais caracteres, mas remover scripts e código malicioso
+            // Remover tags <script>, <iframe>, javascript: etc.
+            cleanValue = originalValue
+                .replace(/<script[\s\S]*?<\/script>/gi, '')  // Remove tags script
+                .replace(/<iframe[\s\S]*?<\/iframe>/gi, '')  // Remove tags iframe
+                .replace(/javascript:/gi, '')                // Remove javascript:
+                .replace(/on\w+\s*=/gi, '');                 // Remove manipuladores de eventos onclick, onload, etc.
         } else {
+            // Para outros campos de texto, manter a limpeza original
             cleanValue = originalValue.replace(/[^a-zA-Z0-9À-ÿ\s.\-]/g, '');
         }
         
-        // 2. Depois verificar comandos SQL
+        // 3. Verificar comandos SQL para TODOS os tipos de campos
         const sqlCheck = containsSqlCommands(cleanValue);
         if (sqlCheck.found) {
             // Remover a palavra SQL encontrada
@@ -2180,25 +2192,39 @@ function getFileIcon(filename) {
             const value = input.value.trim();
             if (!value) return;
             
-            // Verificar caracteres proibidos
-            const prohibitedChars = /['";\\<>]/;
+            const isTextarea = input.tagName.toLowerCase() === 'textarea' || 
+                            (input.name || '').toLowerCase().includes('textarea_field');
+            
+            // Verificação de conteúdo malicioso
+            let hasProhibitedContent = false;
+            
+            if (isTextarea) {
+                // Para textareas, verificar JavaScript malicioso
+                hasProhibitedContent = /<script|<iframe|javascript:|on\w+\s*=/i.test(value);
+            } else {
+                // Para outros campos, verificação mais rigorosa
+                hasProhibitedContent = /['";\\<>]/i.test(value);
+            }
+            
+            // Verificação de comandos SQL para todos os campos
             const sqlCheck = containsSqlCommands(value);
             
-            if (prohibitedChars.test(value) || sqlCheck.found) {
+            if (hasProhibitedContent || sqlCheck.found) {
                 console.warn('⚠️ Conteúdo proibido:', {
                     campo: input.name,
                     valor: value,
                     sql: sqlCheck.found ? sqlCheck.command : 'não',
-                    caracteres: prohibitedChars.test(value)
+                    caracteres: hasProhibitedContent
                 });
                 
                 hasProhibited = true;
                 input.style.borderColor = 'red';
                 input.style.backgroundColor = '#ffe6e6';
                 
-                if (!hasProhibited) {
+                if (!input.hasBeenFocused) {
                     input.focus();
                     input.scrollIntoView({ behavior: 'smooth', block: 'center' });
+                    input.hasBeenFocused = true;
                 }
             }
         });

{wagtail_enap_designsystem-1.2.1.197.dist-info → wagtail_enap_designsystem-1.2.1.198.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: wagtail-enap-designsystem
-Version: 1.2.1.197
+Version: 1.2.1.198
 Summary: Módulo de componentes utilizado nos portais ENAP, desenvolvido com Wagtail + CodeRedCMS
 Author: Renan Campos
 Author-email: renan.oliveira@enap.gov.br

{wagtail_enap_designsystem-1.2.1.197.dist-info → wagtail_enap_designsystem-1.2.1.198.dist-info}/RECORD

@@ -11,10 +11,10 @@ enap_designsystem/blocks/__init__.py,sha256=jtlNAEIsIo_KipwQcUMVQuR4vdt4AjrLjag6
 enap_designsystem/blocks/base_blocks.py,sha256=ZuqVWn4PEAvD3pKM1ST7wjo4lwv98ooen_rs15rRJbg,10866
 enap_designsystem/blocks/chatbot_blocks.py,sha256=YeCznrXMbFa9MP9vjdTYl53ZhKsywkGOXvFK2bwcqW0,1133
 enap_designsystem/blocks/content_blocks.py,sha256=X8Ldf6eMRhjhIYxC2rLssb151r2iFFFQ8XxwPpBbjyI,17282
-enap_designsystem/blocks/form.py,sha256=rQ_KfMgafbA7NSBGneUsregEhphKCxfNh4rG8s6FEWI,90007
+enap_designsystem/blocks/form.py,sha256=fVohUAc1JWJZkFiEuc7ar3HTje-lqUj_n0Qcmxv7luU,89937
 enap_designsystem/blocks/html_blocks.py,sha256=YE8xNA8HQ5iavP_UIlJrhwIUpgtfVMQTP3XVk2dg4J0,281986
 enap_designsystem/blocks/layout_blocks.py,sha256=qND7aUna3VL3PK7sAKE7PiPfSvahMwHK_lZoKUkudeo,23461
-enap_designsystem/blocks/security.py,sha256=cOdLix8cOkjV-Ef-NMjrVid0e3u5uxGNPZk8S7J-rr0,2178
+enap_designsystem/blocks/security.py,sha256=WysHpW0HtZoQTGy9YilYrgtWxUcMinq9vN8KkJxJ7KI,2191
 enap_designsystem/blocks/semana_blocks.py,sha256=AfaxJQmStvFkw6yrPeKyZurC6jzCxWxyzmdny_pret0,70929
 enap_designsystem/blocks/semana_inovacao.py,sha256=iPwsYG4oIZIIGR9zyu7bCTuVGn-E8-28KjPnI-SNIAs,47038
 enap_designsystem/middleware/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -834,7 +834,7 @@ enap_designsystem/templates/enap_designsystem/blocks/suap/apisuap_courses_block.
 enap_designsystem/templates/enap_designsystem/blocks/suap/suap_courses_block.html,sha256=_7AC4WBH4qCXmwlKqnRLbPeUnAopLGeKUIrd6FYcvps,16036
 enap_designsystem/templates/enap_designsystem/blocks/suap/suap_events_block.html,sha256=mL2DFQeAuDIx_GyCoEURKmME-Mmd-zQ_NZkO7YW9Z2k,20182
 enap_designsystem/templates/enap_designsystem/form_templates/form_report.html,sha256=WXf4HgNQY0M6zZ-tERqf01mHbGflqWXT96RaJYjCxFA,16081
-enap_designsystem/templates/enap_designsystem/form_templates/formulario_page.html,sha256=kDdB_pSFU5_Z4Kh81oSyItDs6xy6U88rJFTfFv91ld0,64367
+enap_designsystem/templates/enap_designsystem/form_templates/formulario_page.html,sha256=eu0GY3if-UgyklcdnCSiaU6mxBZGsPIjr8aVuhu_DoI,65974
 enap_designsystem/templates/enap_designsystem/form_templates/formulario_page_landing.html,sha256=2dVaFwunBrHsq0b3rP1buEFxO6hfplFH3-GoUuyLJPo,7598
 enap_designsystem/templates/enap_designsystem/form_templates/formulario_page_success.html,sha256=jFE9GYRxy19ha37pVvucEVYDKTeU56Nav2Fd3phqmZ4,9363
 enap_designsystem/templates/enap_designsystem/form_templates/home_page.html,sha256=BYV5TV6xp0uY3SWtNsAf8p-aDqPiHfM8j4pWbqTUV2M,42329
@@ -934,8 +934,8 @@ enap_designsystem/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG
 enap_designsystem/utils/decorators.py,sha256=aq6SbLn0LcH2rfE3ZFit8jkD7pSx9fLVBUUwVB747hg,335
 enap_designsystem/utils/services.py,sha256=6dG5jLSbwH49jpZV9ZNpWlaZqI49gTlwlr1vaerxdiU,5824
 enap_designsystem/utils/sso.py,sha256=vjAuoYgoLeQAa_dkkyQ6-LmHvKMaVCxizNFpe5y3iUA,1145
-wagtail_enap_designsystem-1.2.1.197.dist-info/licenses/LICENSE,sha256=Btzdu2kIoMbdSp6OyCLupB1aRgpTCJ_szMimgEnpkkE,1056
-wagtail_enap_designsystem-1.2.1.197.dist-info/METADATA,sha256=jG3qmGYb67pVJdRwrgZUddsSL01qshapx5nXSdoaQJ8,3651
-wagtail_enap_designsystem-1.2.1.197.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-wagtail_enap_designsystem-1.2.1.197.dist-info/top_level.txt,sha256=RSFgMASxoA-hVftm5i4Qd0rArlX4Dq08lLv5G4sYD-g,18
-wagtail_enap_designsystem-1.2.1.197.dist-info/RECORD,,
+wagtail_enap_designsystem-1.2.1.198.dist-info/licenses/LICENSE,sha256=Btzdu2kIoMbdSp6OyCLupB1aRgpTCJ_szMimgEnpkkE,1056
+wagtail_enap_designsystem-1.2.1.198.dist-info/METADATA,sha256=UE_U52AOXSsFTjUdp0hsg2oKflC4Ju8u0FT2ew0f9Oo,3651
+wagtail_enap_designsystem-1.2.1.198.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+wagtail_enap_designsystem-1.2.1.198.dist-info/top_level.txt,sha256=RSFgMASxoA-hVftm5i4Qd0rArlX4Dq08lLv5G4sYD-g,18
+wagtail_enap_designsystem-1.2.1.198.dist-info/RECORD,,