KorAP / Kustvakt

:speedboat: User and policy management component for KorAP, capable of rewriting queries for policy based document restrictions.
BSD 2-Clause "Simplified" License

Usernames should not contain double quotes #584

Closed margaretha closed 1 year ago

margaretha commented 1 year ago

During the review on the implementation of the user info API (#566), there is a question whether usernames may contain double quotes. In Kustvakt, quotes are not allowed, but the usernames come from Cosmas2 or LDAP. We need to clarify that and take some measures if usernames may contain double quotes.

Mentioned by @Akron

margaretha commented 1 year ago

Double quotes wouldn't be a problem. If usernames contain double quotes, they will be escaped in the User Info web-service, and in the virtual corpus URL they should be URL-encoded.
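
The two encodings named in the comment above, as an added example that is not part of the original thread and not Kustvakt's own code. It assumes the User Info response is JSON; the `/vc/~<user>/<name>` path layout and all function names are placeholders for illustration, and the usernames are constructed.

```python
import json
from urllib.parse import quote, unquote

# Constructed sample usernames; the second and third contain double quotes.
SAMPLE_USERNAMES = ['alice', 'bo"b', 'eve","admin":"true']


def user_info_naive(username: str) -> str:
    """Unescaped: builds the JSON body by string concatenation."""
    return '{"username":"' + username + '"}'


def user_info_escaped(username: str) -> str:
    """Escaped: the serializer writes '"' as '\\"' inside the string value."""
    return json.dumps({"username": username})


def vc_url(username: str, vc_name: str) -> str:
    """Percent-encode each path segment; safe='' also encodes '/'.

    The '/vc/~<user>/<name>' layout is a placeholder assumed for this example.
    """
    return "/vc/~" + quote(username, safe="") + "/" + quote(vc_name, safe="")


def parse_vc_url(path: str) -> tuple:
    """Split on the raw '/' first, then decode each segment."""
    _, _, user_seg, name_seg = path.split("/")
    return unquote(user_seg[1:]), unquote(name_seg)


def check(username: str) -> dict:
    """Report how each encoding treats one username."""
    try:
        naive = json.loads(user_info_naive(username))
    except json.JSONDecodeError:
        naive = None  # the concatenated body is no longer valid JSON
    url = vc_url(username, "my-vc")
    return {
        "naive": naive,
        "escaped": json.loads(user_info_escaped(username)),
        "url": url,
        "url_round_trip": parse_vc_url(url)[0] == username,
    }


if __name__ == "__main__":
    for name in SAMPLE_USERNAMES:
        print(repr(name), check(name))
```

With escaping, every sample username comes back from the JSON body and from the URL unchanged; without it, a quote either breaks the body or changes its fields.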