Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate availability string #101

Open
MinhxNguyen7 opened this issue May 14, 2024 · 0 comments
Open

Validate availability string #101

MinhxNguyen7 opened this issue May 14, 2024 · 0 comments
Labels
enhancement New feature or request migrated From Svelte version of ZotMeet

Comments

@MinhxNguyen7
Copy link
Member

Description

I think we currently just save whatever availability string that the client sends into the database.

This poses a XSS risk because we would then send this unsanitized input (from the frontend perspective) from one client to another. In theory, this should be ok if the way that we parse the json string on the frontend is secure, but this poses a risk regardless.

More importantly, we don't want there to be an availability string that is malformed/inconsistent from a bug to be entered without checking into the database.
@MinhxNguyen7 MinhxNguyen7 added the enhancement New feature or request label May 14, 2024
@seancfong seancfong added the migrated From Svelte version of ZotMeet label Dec 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request migrated From Svelte version of ZotMeet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@seancfong @MinhxNguyen7