fossasia / open-event-server

The Open Event Organizer Server to Manage Events https://test-api.eventyay.com
https://api.eventyay.com
GNU General Public License v3.0

Sponsored Links URL input area is too short #2611

Closed animeshsinghweb closed 7 years ago

animeshsinghweb commented 7 years ago


The input box for the sponsor URL is too short on tablet devices (in my case an iPad), and I also guess there is no measure in place to ensure that it is a valid URL, so it could be used to ruin databases with malicious code.

Don't you think the input box should be big enough, at least for people to check that the domain is not mistyped, maybe only for non-PC devices?

Thanks. #GoogleCodeIn16

vedantrathore commented 7 years ago

Can I take up this issue? And also, how would we check for malicious code, like in the case of SQL injection or XSS?

niranjan94 commented 7 years ago

@vedantrathore

> Can I take up on this issue?

Yes, you can. This issue has been assigned to you :smile:

> and also how would we check for a malicious code like in case of SQLInjection or XSS?

  1. XSS: All the fields which are rendered as HTML are passed through an HTML sanitizer (which removes all but a few allowed HTML tags) before being stored in the database. The rest of the fields are automatically escaped by Jinja when rendering.

     The sanitizer: app/helpers/versioning.py#L27

  2. SQL Injection: We are using SQLAlchemy's query builder and ORM and not using raw SQL statements anywhere. Hence, SQLAlchemy handles escaping of input to prevent SQL injection.

vedantrathore commented 7 years ago

@niranjan94 so I just need to check the responsiveness of the URL input area, right? No need to check for malicious code?

SaptakS commented 7 years ago

@vedantrathore, yes, the responsiveness and also the size of the text box. Also, you can put a pattern check for http:// or https://, else show an error.
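As an added example (not code from the open-event-server project), a server-side validator for the sponsor URL field along the lines SaptakS suggests: it accepts only absolute http:// or https:// URLs with a plausible host name and returns a form error message otherwise, which also keeps values such as javascript: links out of the stored data. The function name, error texts, length limit and host-name regular expression are all assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Only web links make sense for a sponsor; this rejects javascript:, data:,
# file: and scheme-less values such as "example.com".
ALLOWED_SCHEMES = {"http", "https"}

# One DNS label: letters/digits with optional inner hyphens, labels joined by
# dots. Plain IPv4 literals pass; bracketed IPv6 literals are rejected by this
# deliberately simple check.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# Assumed limit; the real column width is not shown in the thread.
MAX_URL_LENGTH = 2048


def validate_sponsor_url(raw):
    """Return (is_valid, message) for a sponsor URL typed into the form.

    Implements the "http:// or https:// else show an error" check from the
    thread, plus the cheap sanity checks a form handler wants before storing.
    """
    value = (raw or "").strip()
    if not value:
        return False, "URL is required"
    if len(value) > MAX_URL_LENGTH:
        return False, "URL is too long"
    # Embedded whitespace or control characters never belong in a URL.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in value):
        return False, "URL must not contain whitespace or control characters"

    parts = urlsplit(value)  # urlsplit lower-cases the scheme for us
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "URL must start with http:// or https://"
    # "http://" alone parses with an empty host; a typo like a leading
    # hyphen in a label is also caught here so the organizer notices it.
    if not parts.hostname or not HOSTNAME_RE.match(parts.hostname):
        return False, "URL must contain a valid host name"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, as an organizer might type them into the form.
    for sample in ["https://example.com/sponsor", "example.com",
                   "javascript:alert(1)", "http://", "http://-bad.example.com"]:
        print(repr(sample), "->", validate_sponsor_url(sample))
```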