| Summary: | Input sanitisation in profile fields. | ||
|---|---|---|---|
| Product: | [Websites] bugs.kde.org | Reporter: | Roke Julian Lockhart Beedell <4wy78uwh> |
| Component: | database | Assignee: | KDE sysadmins <sysadmin> |
| Status: | REPORTED --- | ||
| Severity: | normal | CC: | sheedy |
| Priority: | NOR | Flags: | 4wy78uwh: performance- |
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Compiled Sources | ||
| OS: | All | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: | The original problem. A relevant solution. | | |

Created attachment 168774 [details]
A relevant solution.

(In reply to Mister Roke Julian Lockhart Beedell from comment #0)
Of course, just close this if it doesn't need to be tracked.

Created attachment 168773 [details]
The original problem.

SUMMARY
I received a message via e-mail today informing me that my strange choice to use JSON in my name field had caused mail delivery issues and unsubscription from a development mailing list. I'm mighty annoyed to have caused such a thing, and hope to prevent it occurring in the future. Consequently, I propose that some basic input sanitisation be implemented in the field entry forms to prevent characters (or combinations thereof, although that seems infeasible to test) which would cause issues being entered.

STEPS TO REPRODUCE
Don't do this, but inputting JSON in the name field shall cause problems.

OBSERVED RESULT
A user can cause problems to the mail server parsing, which ideally shouldn't be possible.

EXPECTED RESULT
The input form should be sanitized to prevent a user entering problematic characters.

ADDITIONAL INFORMATION
Attached is the original message, and a relevant message from a mail service which might have encountered the same issue.
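
An added illustration, not part of the report and not Bugzilla's own code: one way to do the check the report asks for, assuming the profile name ends up as the display name of a mail address header (the report does not say where parsing failed). `JSON_NAME`, `ADDR`, `MAX_NAME_LENGTH` and the function names are constructed for this example.

```python
import unicodedata
from email.utils import formataddr, parseaddr

# RFC 5322 "specials": characters with syntactic meaning in address headers.
RFC5322_SPECIALS = set('()<>[]:;@\\,."')
MAX_NAME_LENGTH = 64  # assumed policy limit, not a Bugzilla setting

# Constructed sample input resembling the JSON-style name in the report.
JSON_NAME = '{"name": "Example User", "role": "tester"}'
ADDR = "user@example.org"


def name_problems(name):
    """Return the reasons a profile name is risky as a bare display name."""
    problems = []
    if not name.strip():
        problems.append("empty")
    if len(name) > MAX_NAME_LENGTH:
        problems.append("too long")
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        problems.append("control character")
    found = sorted(set(name) & RFC5322_SPECIALS)
    if found:
        problems.append("header specials: " + " ".join(found))
    return problems


def naive_from(name, addr):
    """String interpolation: the specials in the name reach the parser raw."""
    return f"{name} <{addr}>"


def quoted_from(name, addr):
    """Build the header value with the display name quoted and escaped."""
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        # CR/LF and other controls cannot be made safe by quoting.
        raise ValueError("control character in display name")
    return formataddr((name, addr))


if __name__ == "__main__":
    for name in ("Example User", JSON_NAME):
        print(repr(name), "->", name_problems(name) or "ok")
    print("naive :", parseaddr(naive_from(JSON_NAME, ADDR)))
    print("quoted:", parseaddr(quoted_from(JSON_NAME, ADDR)))
```

`name_problems` suits form-time rejection, while `quoted_from` covers names already stored in the database by escaping them at the point where the header is built.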