KBVE / kbve.com

https://kbve.com

[Update] : [Appwrite] : Functions should have an additional filtering #894

Closed h0lybyte closed 11 months ago

h0lybyte commented 1 year ago

Describe the update: A clear and concise description of what the update will be. Keep it simple!

The Appwrite functions should have an additional layer of sanitization on both the client and server side.

For this situation, I was thinking that we would run it through DOMPurify, length checks, and regex. We could look at adding more security checks later on.


References for update: Include any links/data for the update that must be done.

Security/Performance risks: Are there any major security and/or performance risks?!

The security risks would be XSS attacks or an internal DoS attack; thus, having a couple of additional checks in place can help mitigate those attacks.
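
One way the layered checks proposed in the issue (length limits, regex, sanitization) could look on the server side, as an added example that is not code from the KBVE repository. The field names, limits and the `validatePayload` helper are assumptions, and `escapeHtml` stands in for DOMPurify so the block runs without a DOM.

```javascript
// Added example: hypothetical server-side validation for a function payload.
// Field names and limits are assumptions, not taken from the KBVE code base.
const RULES = {
  username: { max: 32, pattern: /^[A-Za-z0-9_]{3,32}$/ },
  bio: { max: 280, pattern: /^[^\u0000-\u0008\u000B\u000C\u000E-\u001F]*$/, html: true },
};
const MAX_BODY_BYTES = 4096; // reject oversized bodies before parsing (DoS guard)

// Fallback sanitizer: escapes HTML metacharacters. Swap in DOMPurify.sanitize
// where a DOM is available (browser, or jsdom on the server).
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

function validatePayload(rawBody, sanitize = escapeHtml) {
  if (typeof rawBody !== 'string') return { ok: false, error: 'body must be a string' };
  if (Buffer.byteLength(rawBody, 'utf8') > MAX_BODY_BYTES) {
    return { ok: false, error: 'body too large' };
  }
  let data;
  try { data = JSON.parse(rawBody); } catch { return { ok: false, error: 'invalid JSON' }; }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'body must be a JSON object' };
  }
  const clean = {};
  for (const [field, rule] of Object.entries(RULES)) {
    const value = data[field];
    if (typeof value !== 'string') return { ok: false, error: `${field}: must be a string` };
    // Length check runs before the regex so the pattern only sees bounded input.
    if (value.length > rule.max) return { ok: false, error: `${field}: too long` };
    if (!rule.pattern.test(value)) return { ok: false, error: `${field}: invalid characters` };
    // Sanitize only fields that may later be rendered as HTML.
    clean[field] = rule.html ? sanitize(value) : value;
  }
  // Unknown fields are dropped: only allowlisted keys reach `clean`.
  return { ok: true, data: clean };
}
```

The same rules can be reused on the client for early feedback, but only the server-side result should be trusted.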


h0lybyte commented 11 months ago

Migrating this issue to https://github.com/KBVE/kbve/issues/97

Closing this out.