Sanitize fields better #2
What degree of sanitization do we need?

Although I set field types, it is possible to enter whatever in the url field. Why?

Comments

In general you should never rely on client-side sanitization, since that can easily be overridden. See it more as a convenience for people. Also, some browsers don't support more advanced sanitization and will in that case fall back to basic text inputs with no sanitization.

Yes, I mingled together these aspects a bit. I was just confused that when I first tested it, the url field required a url to be entered, but now it takes whatever I input there. But I did not consider that sanitization in terms of security, but rather making sure I have to double-check less when copying the data to the csv file. But do you think there is any need for further sanitization for security reasons?

No, since all of that is just sent via email, someone will have a read over it anyways, so it seems absolutely fine the way it is.