Enhance input validation for TON/FLO/BTC private keys

2025-10-14 12:28:25 +05:30 · 2025-10-14 12:28:25 +05:30 · 4f27833ec0
commit 4f27833ec0
parent e12d9e4391
1 changed files with 15 additions and 20 deletions
--- a/index.html
+++ b/index.html
@ -348,7 +348,7 @@
                  type="text"
                  id="transactionInput"
                  class="form-input"
-                  placeholder="Enter TON address, private key, or transaction hash"
+                  placeholder="Enter TON address or private key (TON/FLO/BTC)"
                />
                <button
                  type="button"
@ -2344,25 +2344,19 @@
          return true;
        }

-        const base58Regex =
-          /^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;
-        if (
-          base58Regex.test(input) &&
-          input.length >= 51 &&
-          input.length <= 56
-        ) {
-          return true;
+        // Check for TON/FLO/BTC private key format (WIF - Wallet Import Format)
+        const base58Regex = /^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;
+        if (base58Regex.test(input) && input.length >= 51 && input.length <= 56) {
+          // Only accept private keys with specific prefixes that can be converted to TON
+          const validPrivateKeyPrefixes = ['R',, 'K', 'L', 'T'];
+          if (validPrivateKeyPrefixes.some(prefix => input.startsWith(prefix))) {
+            return true;
+          }
+          return false; // Reject other Base58 strings (like BTC addresses)
        }

-        if (input.length === 44 && /^[A-Za-z0-9+/]{43}=?$/.test(input)) {
-          return false;
-        }
-
-        if (input.length < 32 || input.length > 128) {
-          return false;
-        }
-
-        return true;
+        // Reject any other input format
+        return false;
      }

      // Enhanced transaction loading with multi-chain support
@ -2414,8 +2408,7 @@
                <p>The input doesn't appear to be a valid TON address or private key.</p>
                <p>Please enter:</p>
                <ul style="margin: 0.5rem 0; padding-left: 1.5rem;">
-                  <li>A TON address (starts with EQ, UQ, or kQ)</li>
-                  <li>A hex private key (64 or 128 characters)</li>
+                  <li>A TON address (starts with EQ, UQ)</li>
                  <li>A TON/FLO/BTC private key</li>
                </ul>
              </div>
@ -2459,11 +2452,13 @@
                tonPrivateKey
              );
              finalAddress = address.toString(true, true, true);
+              finalAddress = await convertTob64(finalAddress);
            } else {
              // Try multi-chain conversion (TON/FLO/BTC)
              const walletData = await tonCrypto.recoverFromInput(input);
              if (walletData.TON && walletData.TON.address) {
                finalAddress = walletData.TON.address;
+                finalAddress = await convertTob64(finalAddress);
              } else {
                throw new Error(
                  "Invalid input: not a valid TON address or private key"