EarthSystemCoG / COG

COG source code
BSD 3-Clause "New" or "Revised" License

Validate text used to sub-select files in datacart #1320

Closed LucaCinquini closed 7 years ago

LucaCinquini commented 7 years ago

Who: NOAA security scan

The datacart has a text widget that allows users to sub-select files. Any value entered in this widget is not properly validated, although it must be noted that the ESGF search back-end does URL-escape all values before submitting them to Solr for querying.

LucaCinquini commented 7 years ago

Now the query value is validated directly on the CoG front-end before being submitted to the ESGF back-end for searching. The validation rules are exactly the same as those that apply to the 'text' field in the main search page.

murphysj commented 7 years ago

@LucaCinquini You'll have to explain how this commit resolves this ticket.

https://github.com/EarthSystemCoG/COG/commit/5a191cccb60e590fbe12a2d6518fd0c013f64f54 Seems just an error message addition.

murphysj commented 7 years ago

There was more to the commit than I could see. Code looks good.
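The fix described in this thread (validate the sub-select text on the front-end with the same rules as the main search 'text' field, then let the back-end escaping act as a second layer) can be sketched as follows. This is an added example, not CoG's code: the rejected character set, the length cap, the function names and the `esgf.example.org` URL are all assumptions made for illustration.

```python
import re
from urllib.parse import urlencode

# Assumed rule set (not CoG's actual rules): characters commonly used for
# markup or query-syntax injection are rejected, and the length is capped.
INVALID_CHARS = re.compile(r"[<>&#%{}\[\]$\"'`;\\]")
MAX_QUERY_LEN = 200


class InvalidQuery(ValueError):
    """Raised when user-supplied search text fails validation."""


def validate_text(value):
    """One validator shared by the main 'text' field and the datacart widget."""
    if not isinstance(value, str):
        raise InvalidQuery("query must be a string")
    value = value.strip()
    if len(value) > MAX_QUERY_LEN:
        raise InvalidQuery("query too long")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise InvalidQuery("control characters not allowed")
    bad = INVALID_CHARS.search(value)
    if bad:
        raise InvalidQuery("invalid character: %r" % bad.group())
    return value


def check(value):
    """Return (ok, cleaned_value_or_error_message) for display in the form."""
    try:
        return True, validate_text(value)
    except InvalidQuery as exc:
        return False, str(exc)


def build_file_search_url(base_url, dataset_id, query):
    """Validate first, then URL-encode every parameter sent to the back-end."""
    params = {"type": "File", "dataset_id": dataset_id}
    cleaned = validate_text(query)  # raises before any request is built
    if cleaned:
        params["query"] = cleaned
    return base_url + "?" + urlencode(params)
```

Keeping a single validator for both entry points is what prevents the datacart widget from drifting out of step with the main search form again.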