Input Validation - All

[Bejoty]

Condensed list of pages that need server- and/or client-end input validation (NEVER trust user input!)

These come behind functionality priorities, thus may not make the final release.
In general, all validation should be done by the server, while client-end validation is a good shell for increased user experience and mitigating form data loss.

• Entering Javascript as Step Name Breaks on Commissioner's End #179 Commission Settings
  • Verify no fields are left blank (exception: example image)
  • Sanitize all input fields (server)
• Form Validation: Commission requests must be complete #182 Commission Request
  • All fields need to be filled before submission (client)
  • Sanitize final specification (server)
• Commission Review/Revision
  • Sanitize each artist review and customer specification (server)
  • Sanitize/Validate artist's price revision (server)

[kcorman]

I'm burning out too (mostly from other projects now) but I'll take a stab at this

[kcorman]

On wip-commissions I fixed a few of these issues b3f2b1c

As it says in the commit message, we're now sanitizing all parameters posted to our site. If there's a problem with this let me know and I can make it page-specific.

[quanc]

What is the status of this? How many of these input validation issues are currently addressed?

[kcorman]

Sanitation is done so we're good from a security stand point. We have not
verified that all fields are filled.

On Sat, Dec 7, 2013 at 9:34 PM, Christina Quan notifications@github.comwrote:

What is the status of this? How many of these input validation issues are
currently addressed?

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/234#issuecomment-30075529
.

[quanc]

Okay, at least we're good from a security stand point then. Not sure how high-priority field completion checks are.

[quanc]

Sanitization is done. Closing this.

[quanc]

Field completion checks are still not implemented.