
Chore: Add Validation to Account Name and Organization Name Text Fields to Prevent Malicious Input #26440

Open
wants to merge 1 commit into base: master

Conversation

monicakh (Member)

What is the current behavior?

Currently, the account name and organization name text fields lack validation, allowing any characters to be used. This vulnerability can be exploited for malicious purposes. For example, a malicious link can be saved in these text boxes. When users receive an invitation to join a New Relic account, these names render as valid links in email clients. Since the email is from a trusted domain like New Relic, users may click on these links, which could lead to harmful sites.

Solution:

Added a regular expression validation to the relevant fields.

Testing:

  • Manually tested the account First name / Last name and the Organization name text fields to ensure that only valid characters are accepted.

[two screenshots of the validated text fields attached]

@monicakh monicakh requested a review from a team as a code owner May 17, 2024 12:34
MildTomato (Contributor)

MildTomato commented May 24, 2024

😢
[screenshot attached, 2024-05-24]

charislam (Contributor)

Hmm I would expect a URL to be a valid organization name, to be fair. I should be able to name my org company.io if I want to... would it be better to escape somehow in the HTML template instead to prevent email client auto-linking?
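The two defences discussed in this thread side by side: the PR's allowlist validation on the name fields, and charislam's alternative of handling the problem in the email template so a URL-shaped name is not auto-linked. This is an added example, not the PR's diff or code from the Supabase repository. The character class, the length limit, the helper names and the zero-width-space technique are assumptions chosen to illustrate the trade-off, not the project's policy.

```typescript
// Added example (not the PR's diff). Two complementary defences against the
// email auto-linking issue described in #26440. Pattern, policy and names are assumptions.

// --- Approach 1: allowlist validation on the name fields (the PR's approach) ---
// Assumed policy: letters, digits, space and a few punctuation marks; no ":" "/"
// "<" ">" or "@", so a saved value cannot be an absolute URL, an HTML tag or an address.
const NAME_PATTERN: RegExp = /^[A-Za-z0-9 .,'&()-]{1,100}$/;

function isValidName(name: string): boolean {
  return NAME_PATTERN.test(name.trim());
}

// --- Approach 2: escape at the template layer (charislam's suggestion) ---
// HTML-escaping alone stops markup injection but does not stop a mail client
// from linkifying "company.io". Inserting a zero-width space (U+200B) after each
// "." "/" ":" and "@" breaks the token that linkifying heuristics match on.
// Assumption: this defeats the heuristic in the clients you care about; verify per client.
const ZWSP = "\u200B";

function escapeHtml(text: string): string {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function defuseAutolink(text: string): string {
  return text.replace(/([./:@])/g, `$1${ZWSP}`);
}

// The value an email template would interpolate for the account or organization name.
function renderNameForEmail(name: string): string {
  return defuseAutolink(escapeHtml(name));
}

// Where the two approaches differ: the allowlist rejects a full URL but accepts a
// bare domain such as "company.io", which is exactly the case the render-time defence covers.
function classify(name: string): { accepted: boolean; rendered: string } {
  return { accepted: isValidName(name), rendered: renderNameForEmail(name) };
}

// Constructed sample inputs (not taken from any real account).
const SAMPLES: string[] = [
  "Acme Corp",
  "company.io",
  "https://evil.example/login",
  "<a href=\"https://evil.example\">Support</a>",
];

for (const s of SAMPLES) {
  const r = classify(s);
  console.log(JSON.stringify(s), "accepted:", r.accepted, "rendered:", JSON.stringify(r.rendered));
}
```

The allowlist is the stronger control where the product can justify restricting names, but it cannot both allow "company.io" and stop auto-linking; the render-time step covers that gap, so the two belong together rather than as alternatives.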


3 participants