From 72e988dda1d7bc201990423c33306c856347b52c Mon Sep 17 00:00:00 2001
From: Mondo Diaz <armando.m.diaz@boeing.com>
Date: Wed, 7 Jan 2026 14:37:44 -0600
Subject: [PATCH] Sanitize artifact ID input to hex-only characters

- Convert input to lowercase
- Strip non-hex characters (a-f, 0-9 only)
- Limit to 64 characters (SHA256 length)
- Show character count in validation hint
---
 frontend/src/pages/PackagePage.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/pages/PackagePage.tsx b/frontend/src/pages/PackagePage.tsx
index a2e41b3..2d68ee7 100644
--- a/frontend/src/pages/PackagePage.tsx
+++ b/frontend/src/pages/PackagePage.tsx
@@ -365,7 +365,7 @@ function PackagePage() {
           <input
             type="text"
             value={artifactIdInput}
-            onChange={(e) => setArtifactIdInput(e.target.value)}
+            onChange={(e) => setArtifactIdInput(e.target.value.toLowerCase().replace(/[^a-f0-9]/g, '').slice(0, 64))}
             placeholder="Enter SHA256 artifact ID (64 hex characters)"
             className="artifact-id-input"
           />
@@ -383,7 +383,7 @@ function PackagePage() {
           </a>
         </div>
         {artifactIdInput.length > 0 && artifactIdInput.length !== 64 && (
-          <p className="validation-hint">Artifact ID must be exactly 64 hex characters</p>
+          <p className="validation-hint">Artifact ID must be exactly 64 hex characters ({artifactIdInput.length}/64)</p>
         )}
       </div>