Closed cbaeucsd closed 4 months ago
Nothing stopping anyone from storing XSS in our database, however our frontend doesn't seem to have any components that are XSS vulnerable currently. Not sure if we should bother adding sanitization to input/output of routes.
Right now it should be fine
[x] Validate both param and body inputs to minimize NoSQL injection chances. (Modules exist for this)
[x] Make ALL errors returned to the client reveal no information about the backend.
[x] Removal of api/user/lookup?
[x] Check data type of all inputs
[x] Passthrough to make sure XSS isn't possible.
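The checklist above (type-checking inputs, blocking NoSQL operator injection, escaping stored strings on output, and returning non-revealing errors) can be covered by a few dependency-free helpers. The following is an added example, not code from this project: the field names, the `/api/user` route and the `requestId` parameter are assumptions for illustration, and the helpers are written for an Express-style handler in front of a MongoDB-style store.

```javascript
// Added example (not the project's own code): defensive helpers for an
// Express/MongoDB-style API. Field names and the route are assumptions.

// 1. Reject payloads that could smuggle query operators into a filter.
//    A body like {"username": {"$ne": ""}} would otherwise match any
//    document when passed straight into collection.findOne(body).
//    Dotted keys are rejected too, since they address nested paths.
function hasOperatorKeys(value) {
  if (Array.isArray(value)) return value.some(hasOperatorKeys);
  if (value !== null && typeof value === 'object') {
    return Object.keys(value).some(
      (k) => k.startsWith('$') || k.includes('.') || hasOperatorKeys(value[k])
    );
  }
  return false;
}

// 2. Check the data type of every expected input and drop anything extra.
//    Returns { ok: true, value } with only the declared fields, or
//    { ok: false, errors } so the route can answer 400 before touching the DB.
const SCHEMA = { username: 'string', password: 'string', age: 'number' }; // assumed

function validateBody(body, schema = SCHEMA) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be an object'] };
  }
  if (hasOperatorKeys(body)) {
    return { ok: false, errors: ['operator keys are not allowed'] };
  }
  const errors = [];
  const clean = {};
  for (const [field, type] of Object.entries(schema)) {
    const v = body[field];
    if (v === undefined) { errors.push(`${field} is required`); continue; }
    if (typeof v !== type || (type === 'number' && !Number.isFinite(v))) {
      errors.push(`${field} must be a ${type}`);
      continue;
    }
    clean[field] = v;
  }
  return errors.length ? { ok: false, errors } : { ok: true, value: clean };
}

// 3. Escape user-controlled strings before interpolating them into HTML,
//    so a payload stored in the database renders as text even when a
//    template or component does not escape on its own.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// 4. Map any internal error to one fixed client-facing shape. The driver
//    message and stack trace go to the server log, keyed by a request id,
//    and never into the response body.
function toClientError(err, requestId) {
  console.error(requestId, err);
  return { status: 500, body: { error: 'internal error', requestId } };
}

// Express-style usage (route name assumed):
// app.post('/api/user', (req, res) => {
//   const result = validateBody(req.body);
//   if (!result.ok) return res.status(400).json({ errors: result.errors });
//   // ... use result.value, never req.body, in the query
// });
```

Validation runs before the query so a rejected body never reaches the driver, and only the whitelisted, type-checked copy (`result.value`) is used afterwards; escaping on output is kept separate because the stored value may still be rendered by a component that appears later.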