Server-side validation of Form-Input #1

New issue

Closed

opened 2022-04-08 19:12:49 +02:00 by ben · 0 comments

ben commented

2022-04-08 19:12:49 +02:00

Owner

email-address validate
- WIP, but email verification can be configured
~~no html in input-fields~~
- escape output rather than sanitize input https://benhoyt.com/writings/dont-sanitize-do-escape/
escape user-provided data in output
- the handlebars renderer already does this for us
- note handlebars currently does this un-contextually which is wrog when including input out-side of an html context (which we don't do) upstream issue
ddos protection
- limited new submissions to 10 successful submissions / 30 Minutes / IP-Address
maximal number of attachments/links
quota maximal % of disk usage
- moved to seperate issue #8
evaluate length limits for fields

- [x] email-address validate - WIP, but email verification can be configured - [x] ~~no html in input-fields~~ - escape output rather than sanitize input <https://benhoyt.com/writings/dont-sanitize-do-escape/> - [x] escape user-provided data in output - the handlebars renderer already does this for us - note handlebars currently does this un-contextually which is wrog when including input out-side of an html context (which we don't do) [upstream issue](https://github.com/sunng87/handlebars-rust/issues/393) - [x] ddos protection - limited new submissions to 10 successful submissions / 30 Minutes / IP-Address - [x] maximal number of attachments/links - [x] quota maximal % of disk usage - moved to seperate issue #8 - [x] evaluate length limits for fields

ben closed this issue

2022-05-02 01:27:54 +02:00