Details
- Sub-task
- Resolution: Unresolved
- Major
Description
Review the use of validateInput. Considerations:
- For some fields (e.g., SshKey::description), validateInput might reject characters that are otherwise valid.
- In general, fields should be filtered on output.
- Output includes HTML rendering, REST API, and provisioning.
- In general, SQL injection protection should be handled by Cake.
- Field validation should be aligned with the field content.
  - e.g., email addresses should be constrained to characters valid for email addresses.
- Proactive input validation might be more important for self-service-enabled fields than for fields that are only editable by an administrator, especially platform and CO administrators.
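
The considerations above, sketched as an added example (not code from this issue or from the project): a description containing markup-significant characters is stored unchanged and encoded separately for each output. All function names are hypothetical, `rejectsMarkupChars` is a stand-in and not the project's validateInput, and the provisioning target is assumed to be an authorized_keys comment field.

```php
<?php
// Constructed sample values, not taken from the issue.
$description = "Bob's laptop <work> & \"backup\"\nsecond line";
$emails      = ["o'brien@example.org", "bob@example.org<script>"];

// Hypothetical blocklist-style input rule, shown only for contrast with
// the output encoders below. It is NOT the project's validateInput.
function rejectsMarkupChars(string $v): bool {
    return preg_match('/[<>"\'&]/', $v) === 1;
}

// HTML rendering: encode for element and attribute context at output time.
function forHtml(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// REST API: the JSON encoder does the escaping; the HEX flags keep the
// payload inert if a client later embeds it in an HTML page.
function forJson(array $record): string {
    return json_encode($record, JSON_THROW_ON_ERROR | JSON_HEX_TAG
        | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Provisioning (assumed target: authorized_keys comment). The file is
// line-oriented, so control characters are collapsed to a single space.
function forAuthorizedKeysComment(string $v): string {
    return trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $v) ?? '');
}

// Field-aligned validation: check an email address as an email address.
function isValidEmail(string $v): bool {
    return filter_var($v, FILTER_VALIDATE_EMAIL) !== false;
}

echo "blocklist rejects description: ";
var_dump(rejectsMarkupChars($description));
echo "HTML: ", forHtml($description), PHP_EOL;
echo "JSON: ", forJson(['description' => $description]), PHP_EOL;
echo "key comment: ", forAuthorizedKeysComment($description), PHP_EOL;
foreach ($emails as $e) {
    echo $e, " valid email: ";
    var_dump(isValidEmail($e));
}
```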
Issue Links
- is related to
  - CO-2364 Input model validation should not be triggered on all API calls (Open)