[FEATURE]: Avoid forbidden characters in the search box #383
Comments
Hi @herrardo,
Sure @ritikBhandari! Ping us if you need any help. You can start by taking a look at the search-input component.
Sure. Thank you!
So what are the forbidden characters other than
@ritikBhandari
Ohkay!
Hey @ritikBhandari!! Are you still interested, or have you faced any problems? Let us know, have a good weekend ;)
Can I give this issue a try?
Sure @wannieman98 👍
I'm really sorry for the inconvenience @herrardo. I was involved in some unavoidable issues lately. I'll definitely do it ASAP or @wannieman98 can also try.
Don't worry about it. If you both try we'll review both PRs 🙌
Hola! @herrardo I've been taking a look at this today to get familiar with this codebase. I have a PR ready implementing this new prop as a blacklist (#573), but I just bumped into the following articles that discuss using blacklists vs using whitelists:
Have you guys considered using a whitelist instead (we would need to define what's the acceptable input)? Thank you!
@wannieman98 Thanks for the contribution! Your PR took a while to merge because we had issues merging PRs from outside the organization, but everything got solved finally, thanks again ;)
How can the project be improved?
Avoid forbidden characters in the search box in order to prevent security issues such as XSS through code injection
How can this be solved?
Given a shopper typing in the search-box component
when the shopper types forbidden characters like < or >
then the search box prevents the acceptance of these characters
and nothing changes in the search box.
Proposed solution
Add a config to the SearchBox module to pass the characters to be forbidden.
Customizations supported
No response
Additional information
This is the location of the search-box module
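A sketch of the configurable forbidden-character filter proposed in this issue, next to the allowlist alternative raised in the comments. This is an added example, not code from the project or from PR #573; every function name and the sample query are assumptions made for illustration.

```javascript
// Added example. All names here (createDenylistFilter, createAllowlistFilter,
// guardInput, escapeHtml) are hypothetical, not the project's API.

// Denylist: remove each configured forbidden character from the value.
// Using a Set of code points avoids building a regex from config, so
// characters such as ']' or '\' in the config need no escaping.
function createDenylistFilter(forbiddenChars) {
  const forbidden = new Set(Array.from(forbiddenChars));
  return (value) => Array.from(value).filter((ch) => !forbidden.has(ch)).join('');
}

// Allowlist: keep only letters, combining marks, digits and a short list of
// explicitly accepted punctuation; anything else is dropped.
function createAllowlistFilter(extraAllowed = " -'.") {
  const extra = new Set(Array.from(extraAllowed));
  const wordChar = /^[\p{L}\p{M}\p{N}]$/u;
  return (value) =>
    Array.from(value).filter((ch) => wordChar.test(ch) || extra.has(ch)).join('');
}

// Input handler: rewrites the field only when the filter changed something,
// so typing or pasting a rejected character leaves the box as it was.
function guardInput(filter) {
  return (event) => {
    const cleaned = filter(event.target.value);
    if (cleaned !== event.target.value) event.target.value = cleaned;
    return cleaned;
  };
}

// Input filtering does not replace output encoding: a '<>' denylist leaves
// quotes in place, so the query is still encoded wherever it is rendered.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample query, as if pasted into the search box.
const denylist = createDenylistFilter('<>');
const allowlist = createAllowlistFilter();
const pasted = 'red <b>shoes</b> "42"';

console.log(denylist(pasted));             // red bshoes/b "42"
console.log(allowlist(pasted));            // red bshoesb 42
console.log(escapeHtml(denylist(pasted))); // red bshoes/b &quot;42&quot;
```

The allowlist keeps non-English queries intact because it matches Unicode letter classes, which answers the "define what's the acceptable input" question for ordinary search terms.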