Sanitize bot input #110
Conversation
Overall I think validation of user input is not the right place to fix it. It's always dangerous to add this kind of validation because you have to copy-paste it to every place where the user inputs something, taking into account all the uses of user input which happen in a completely different place. I think |
I moved the email sanitization check into the mailcow.py method - it doesn't change anything in the current state actually, because the only place where it's executed apart from tests is in the |
Maybe I should have split this up into two different PRs - one is about validating emails (which get passed to the mailcow API: MER-01-004 and MER-01-005), the other is about validating token names (which gets passed to the tokenQRcode.png file name: MER-01-001). |
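Added example (not the PR's or the project's own code): the two validations discussed above, kept in one place as the earlier comment suggests, with an email check for values handed to a mail API and a token-name check for values that end up in a file name. `qr_code_path`, `base_dir` and the `-QRcode.png` suffix are hypothetical names chosen for the example.

```python
import re
from pathlib import Path

# Constructed allowlists for the example; tighten or loosen to the project's needs.
# Plain mailbox@domain only: no spaces, quotes, angle brackets or newlines, so the
# value cannot carry extra header fields or API parameters with it.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}")
# Token names become part of a file name: letters, digits, '-' and '_' only,
# which rules out path separators, '..' segments and shell metacharacters.
TOKEN_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def validate_email(addr: str) -> str:
    """Return addr unchanged if it is an API-safe address, else raise ValueError."""
    if not isinstance(addr, str) or EMAIL_RE.fullmatch(addr) is None:
        raise ValueError("invalid email address")
    return addr


def validate_token_name(name: str) -> str:
    """Return name unchanged if it is safe to embed in a file name, else raise."""
    if not isinstance(name, str) or TOKEN_NAME_RE.fullmatch(name) is None:
        raise ValueError("invalid token name")
    return name


def qr_code_path(base_dir: str, token_name: str) -> Path:
    """Build <base_dir>/<token>-QRcode.png and confirm it stays inside base_dir.

    The allowlist already prevents traversal; the containment check is a second
    line of defence so a future change to the regex cannot silently reopen it.
    """
    base = Path(base_dir).resolve()
    target = (base / f"{validate_token_name(token_name)}-QRcode.png").resolve()
    if target.parent != base:
        raise ValueError("file name escapes base directory")
    return target
```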
bbcb91a to a1e7f1c
For newcomers & archiving purposes - there is a vaguely related thread about bot commands security. |
Not critical, as this input is coming from trusted users - nevertheless it should be fixed.