From 39ec2164a019f1a9e4e9ff0aa602c0327d5d3776 Mon Sep 17 00:00:00 2001
From: Hyunsoo Shin
Date: Thu, 29 Aug 2024 17:24:26 +0900
Subject: [PATCH 1/2] [Console] Input sanitization added
---
 console/jsre/deps/web3.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/console/jsre/deps/web3.js b/console/jsre/deps/web3.js
index 2077d9f44..9f4dba347 100644
--- a/console/jsre/deps/web3.js
+++ b/console/jsre/deps/web3.js
@@ -3848,8 +3848,10 @@ var inputBlockNumberFormatter = function (blockNumber) {
 return undefined;
 } else if (isPredefinedBlockNumber(blockNumber)) {
 return blockNumber;
+ } else if (/^-?\d+$/.test(blockNumber)) {
+ return utils.toHex(blockNumber);
 }
- return utils.toHex(blockNumber);
+ throw new Error(`input block number(${blockNumber}) is invalid`);
 };
 
 var inputEmptyFormatter = function (a) {
From 1811b01dbe60c5e556c2da1c39c8f2d0325bc114 Mon Sep 17 00:00:00 2001
From: Hyunsoo Shin
Date: Fri, 30 Aug 2024 14:37:27 +0900
Subject: [PATCH 2/2] [Console] Allow hex input
---
 console/jsre/deps/web3.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/console/jsre/deps/web3.js b/console/jsre/deps/web3.js
index 9f4dba347..745e30fed 100644
--- a/console/jsre/deps/web3.js
+++ b/console/jsre/deps/web3.js
@@ -3848,7 +3848,7 @@ var inputBlockNumberFormatter = function (blockNumber) {
 return undefined;
 } else if (isPredefinedBlockNumber(blockNumber)) {
 return blockNumber;
- } else if (/^-?\d+$/.test(blockNumber)) {
+ } else if (/^\d+$/.test(blockNumber) || /^0x[0-9a-fA-F]+$/.test(blockNumber)) { // test if input is decmial or hex
 return utils.toHex(blockNumber);
 }
 throw new Error(`input block number(${blockNumber}) is invalid`);
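Review bot: In PATCH 1/2 the added `throw` line builds its message with an ES2015 template literal, while every other line visible in the hunk is ES5 style (`var`, function expressions). If the interpreter that loads `console/jsre/deps/web3.js` is ES5-only, the whole bundled file would fail to parse rather than just this branch, so this is worth confirming against the console's JS engine. The concatenated form `throw new Error('input block number(' + blockNumber + ') is invalid');` avoids the question. The message also echoes the rejected input verbatim and unbounded, which may be worth truncating before it reaches the console output. The body of `inputBlockNumberFormatter` starts above the hunk.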
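Review bot: In PATCH 2/2 both `.test(blockNumber)` calls validate the string coercion of the argument, but `utils.toHex(blockNumber)` then receives the original, un-coerced value. The check and the use can therefore disagree for non-string inputs: an array or object whose string form is all digits would pass the regex and still reach `toHex` as an object. Validating and converting the same value closes that gap, for example `var s = String(blockNumber);` followed by `if (/^(\d+|0x[0-9a-fA-F]+)$/.test(s)) { return utils.toHex(s); }`. `utils.toHex` is outside the hunk, so confirm that number and BigNumber callers still produce the same hex after the change. The trailing comment's "decmial" should read "decimal".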