programsam / binkjs

Music archival site BINK, rewritten as a Node.js express app

Input validation #99

Open programsam opened 6 years ago

programsam commented 6 years ago

We are using prepared statements everywhere, so this is another “guiding principle.” The old BINK doesn’t like apostrophes, particularly in notes and things like that. So this is to say there should be tests that they work in all fields.

programsam commented 3 years ago

Started off thinking of this as apostrophes, but with what I know about security, really this is a matter of escaping any and all admin input — or is it? Should you be able to include links in the jam description?? I don’t really think so.

programsam commented 3 years ago

One thing’s for sure. I’ve run parseInt on jam IDs wherever possible, but that just means an exception will occur if you enter a non-number… protects us from some gnarly input but it should fail more gracefully.

programsam commented 6 months ago

https://www.npmjs.com/package/validator shows promise for this.

programsam commented 1 month ago

At present I’m using Number.isNaN() for this. Makes sense to handle this in the express routers and not in processing. Processing can assume valid input — should be a cross-cutting concern in a single method somewhere though.

Handling it with NaNs is useful for making sure no exception occurs.

If you submit a request body that is not valid JSON, we do not currently handle that gracefully.
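An added example, not code from the binkjs project, of the two points raised in this thread: validating integer jam IDs once in the router layer instead of relying on parseInt throwing, and answering a malformed JSON body with a clean 400. The names parseJamId, requireIntParam, jsonParseErrorHandler and fakeRes are hypothetical; the Express error-handler pattern relies on body-parser rejecting bad JSON with a SyntaxError that carries status 400 and a body property.

```javascript
// Added example (not from the binkjs repo): strict integer-ID validation as an
// Express-style middleware, plus an error handler for malformed JSON bodies.
// All function names here are hypothetical.

// Strict parse: only a run of ASCII digits is accepted. parseInt('12abc')
// would return 12 and Number('') would return 0, so neither is used alone.
function parseJamId(raw) {
  if (typeof raw !== 'string' || !/^\d{1,15}$/.test(raw)) return null;
  const n = Number(raw);
  return Number.isSafeInteger(n) && n > 0 ? n : null;
}

// Middleware factory: validates req.params[name] once in the router, so the
// processing layer can assume a valid positive integer. Usage in Express:
//   app.get('/jam/:id', requireIntParam('id'), showJam);
function requireIntParam(name) {
  return function (req, res, next) {
    const value = parseJamId(req.params[name]);
    if (value === null) {
      res.status(400).json({ error: `${name} must be a positive integer` });
      return;
    }
    req.params[name] = value; // hand the parsed number downstream
    next();
  };
}

// Four-argument error middleware registered after express.json(): body-parser
// rejects malformed JSON with a SyntaxError (status 400, `body` property).
// Reply with a clean 400 instead of a stack trace; pass anything else on.
function jsonParseErrorHandler(err, req, res, next) {
  if (err instanceof SyntaxError && err.status === 400 && 'body' in err) {
    res.status(400).json({ error: 'request body is not valid JSON' });
    return;
  }
  next(err);
}

// Minimal stand-in for an Express response so the example runs without express.
function fakeRes() {
  const r = { statusCode: 200, body: undefined };
  r.status = (code) => { r.statusCode = code; return r; };
  r.json = (payload) => { r.body = payload; return r; };
  return r;
}
```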