TACC / Core-CMS-Custom

Customized Core CMS code and builds

hotfix/WP-232-234-Include-text-areas-validation #203

Closed sophia-massie closed 1 year ago

sophia-massie commented 1 year ago

Overview

The purpose of this hotfix is to fix a bug where the script checking for bad characters doesn't check the justification fields on extension and exception forms.

Your thoroughness of testing is really appreciated! I know it's tedious. Using Django or React utilities in place of this band-aid is the long-term goal once the fire is put out.

Related

Changes

The checkForBlankInputs JavaScript was changed using whitelist methods to allow characters in input. At the same time, the script blacklists some explicit scripting character patterns. This is a front-end change to prevent bad characters from making it to the server. The DB utils remove bad characters server side in apcd_database.py.

Testing

  1. Go to http://localhost:8000/register/request-to-submit/
  2. Try to input javascript.exe, anything in "quotes" or 'quotes" { hello.exe } thisshouldwork@test.com into the explanation justification field
  3. On change, the field should be replaced with Try to input script script exe anything in quotes or quotes helloexe thisshouldworktestcom
  4. Go to http://localhost:8000/submissions/threshold-exception/
  5. Repeat steps 2 and 3
  6. Go to http://localhost:8000/submissions/other-exception/
  7. Repeat steps 2 and 3
  8. Go to https://apcd-qa.tacc.utexas.edu/submissions/extension-request/
  9. Repeat steps 2 and 3

UI

User input:

Screenshot 2023-08-22 at 6 07 51 PM

On change, text is changed to:

Screenshot 2023-08-22 at 6 08 53 PM
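
The approach described under Changes (allowlist the permitted characters, strip explicit scripting patterns, apply on change), as an added example that is not the PR's or the project's code. The function names, the allowlist (letters, digits, spaces, newlines) and the three denylist patterns are assumptions; the denylist loop repeats until stable so that removing one match cannot splice a new one together.

```javascript
// Added example. ALLOWED_INVERSE, SCRIPT_PATTERNS and the function names are
// hypothetical; the PR's actual character set and patterns are not shown on the page.
const ALLOWED_INVERSE = /[^A-Za-z0-9 \n]/g; // matches anything outside the allowlist
const SCRIPT_PATTERNS = [
  /<\/?script\b[^>]*>/gi, // opening or closing script tags
  /javascript:/gi,        // javascript: URL scheme
  /\bon\w+\s*=/gi,        // inline handlers such as onload=
];

function stripScriptPatterns(text) {
  // Repeat until nothing changes: "<scr<script>ipt>" becomes "<script>"
  // after a single pass, so one pass is not enough.
  let prev;
  do {
    prev = text;
    for (const pattern of SCRIPT_PATTERNS) {
      text = text.replace(pattern, "");
    }
  } while (text !== prev);
  return text;
}

function sanitizeJustification(raw) {
  const text = String(raw);
  // Denylist first (removes whole patterns), then allowlist (removes single characters).
  const cleaned = stripScriptPatterns(text).replace(ALLOWED_INVERSE, "");
  return { cleaned, changed: cleaned !== text };
}

// Browser wiring: rewrite the field on change, as the testing steps describe.
// Skipped when no DOM is present (for example under Node).
if (typeof document !== "undefined") {
  document.querySelectorAll("textarea, input[type=text]").forEach((el) => {
    el.addEventListener("change", () => {
      el.value = sanitizeJustification(el.value).cleaned;
    });
  });
}
```

Requests sent without the browser never run this handler, so the server-side removal in apcd_database.py stays the enforcement point.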