TACC / Core-CMS-Custom

Customized Core CMS code and builds

hotfix/APCD-prod-validation-fix-for-added-entities #207

Closed sophia-massie closed 12 months ago

sophia-massie commented 12 months ago

Overview

The purpose of this hotfix is to update the prod branch so that the add/remove buttons for the registration form work the same as staging. This will ensure that the scripts to validate characters in form input work as well.

Related

Changes

The checkForBlankInputs JavaScript was changed using whitelist methods to allow characters in input. At the same time, the script blacklists some explicit scripting character patterns. This is a front-end change to prevent bad characters from making it to the server. The DB utils remove bad characters server side in apcd_database.py.

Testing

  1. Go to http://localhost:8000/register/request-to-submit/
  2. Fill out form and add an entity
  3. Try to input javascript.exe, anything in "quotes" or 'quotes" { hello.exe } thisshouldwork@test.com into any field into an entity name field and make sure invalid characters are removed
  4. On change, the field should be replaced with Try to input script script exe anything in quotes or quotes helloexe thisshouldworktestcom
  5. Fill out form and add a contact
  6. Try to input javascript.exe, anything in "quotes" or 'quotes" { hello.exe } thisshouldwork@test.com into any field into a contact name field and make sure invalid characters are removed

UI

User input:

Screenshot 2023-08-22 at 6 07 51 PM

On change, text is changed to:

Screenshot 2023-08-22 at 6 08 53 PM
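
The allowlist-plus-blocklist approach described under Changes, as an added example that is not code from this PR or from the project: the character set, the blocked patterns, the function names and the input selector are all assumptions made for illustration. It runs the test string from the Testing steps and includes the re-check that the server has to repeat, since a request built outside the browser never runs the change handler.

```javascript
// Added example. DISALLOWED and BLOCKED are assumed rules for illustration;
// they are not the patterns in the project's checkForBlankInputs script.
const DISALLOWED = /[^\p{L}\p{N} ]/gu; // allowlist: letters, digits, spaces
const BLOCKED = [/<\/?script/gi, /javascript:/gi, /\bon\w+\s*=/gi];

// Remove blocked patterns until none is left, so that deleting one match
// cannot splice the text around it into a new match.
function stripBlocked(text) {
  let prev;
  do {
    prev = text;
    for (const re of BLOCKED) text = text.replace(re, "");
  } while (text !== prev);
  return text;
}

// Returns the cleaned value plus a flag the form can use to tell the user
// that the field was altered.
function sanitizeField(raw) {
  const input = String(raw).normalize("NFKC"); // fold compatibility forms
  const value = stripBlocked(input)
    .replace(DISALLOWED, "")
    .replace(/ +/g, " ")
    .trim();
  return { value, changed: value !== String(raw) };
}

// The same comparison works as a server-side gate: a value that the
// sanitizer would alter did not come through the form's change handler.
function isClean(raw) {
  return sanitizeField(raw).value === raw;
}

// Browser wiring (hypothetical selector); skipped when there is no DOM.
if (typeof document !== "undefined") {
  document.querySelectorAll("input[type=text]").forEach((el) =>
    el.addEventListener("change", () => { el.value = sanitizeField(el.value).value; })
  );
}

// Constructed sample: the test string from the Testing steps above.
const sample = `javascript.exe, anything in "quotes" or 'quotes" { hello.exe } thisshouldwork@test.com`;
console.log(sanitizeField(sample).value);
```

Sanitizing is idempotent here, so running the same function again on the server leaves already-clean values untouched.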