As a user, I can currently enter free text into the "Add new field" window when defining a new contract. These field names are used as javascript property names, as well as displayed to the user. Update the ValidationExtensions.cs to ensure that a contract string is invalid if the property name or example aren't valid strings. You'll likely want to define a safe regex to check it against.
Things to consider:
SQL injection?
Spaces in property names? might be weird; think about messaging, and what property names for an object can be
invalid special characters for object names
first character of property name must be a letter or underscore (check rules for C# property names)
"Example" field string is more lax, but still should prevent something totally wacky
If an invalid string is found, it should return a helpful failure message, like:
"5MyCoolField" is not a valid property name.
As a user, I can currently enter free text into the "Add new field" window when defining a new contract. These field names are used as javascript property names, as well as displayed to the user. Update the ValidationExtensions.cs to ensure that a contract string is invalid if the property name or example aren't valid strings. You'll likely want to define a safe regex to check it against.
Things to consider: SQL injection? Spaces in property names? might be weird; think about messaging, and what property names for an object can be invalid special characters for object names first character of property name must be a letter or underscore (check rules for C# property names) "Example" field string is more lax, but still should prevent something totally wacky
If an invalid string is found, it should return a helpful failure message, like:
"5MyCoolField" is not a valid property name.