Server-side API validation

discord-tickets / bot

The most popular open-source and self-hosted ticket management bot for Discord - a free alternative to the premium and white-label plans of other popular ticketing bots.

https://discordtickets.app

GNU General Public License v3.0

957 stars 478 forks source link

Server-side API validation #323

Open eartharoid opened 2 years ago

eartharoid commented 2 years ago

Client-side validation is fine for private bots but server-side validation is needed for two reasons:

lack of validation can be abused to create a lot of errors on the public bot
HTML/browser validation doesn't work on the questions & options inputs as hidden form inputs are not validated, meaning you can accidentally submit the form with empty required fields

Use joi schemas.

eartharoid commented 1 year ago

Also improve client-side validation (especially for questions), perhaps with https://developer.mozilla.org/en-US/docs/Web/HTML/Constraint_validation (https://www.freecodecamp.org/news/form-validation-with-html5-and-javascript/).