From d15f288d15e992281c4d2db4b5af9192daa43edc Mon Sep 17 00:00:00 2001
From: Matthew Esposito
Date: Fri, 1 Mar 2024 15:46:05 -0500
Subject: [PATCH 1/2] Add check for slashes in new workspace name

---
 backend/scopeBackend/views.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/backend/scopeBackend/views.py b/backend/scopeBackend/views.py
index bc612f4..057e130 100644
--- a/backend/scopeBackend/views.py
+++ b/backend/scopeBackend/views.py
@@ -273,6 +273,11 @@ def create(self, request):
 return Response({'error':'Workspace name already exists'}, status=status.HTTP_400_BAD_REQUEST)
 # create workspace and add creator to workspace
 serializer = self.get_serializer(data=request.data)
+
+ # return error if name contains any forward or backward slashes
+ if '/' in request.data['name'] or '\\' in request.data['name']:
+ return Response({'error':'Workspace name cannot contain forward or backward slashes'}, status=status.HTTP_400_BAD_REQUEST)
+
 serializer.is_valid(raise_exception=True)
 serializer.save(creatorId=self.request.user)
 headers = self.get_success_headers(serializer.data)
From 52a1f85362b05774428c62241a2ddcf9dc110bda Mon Sep 17 00:00:00 2001
From: Matthew Esposito
Date: Fri, 22 Mar 2024 15:29:17 -0400
Subject: [PATCH 2/2] Add quote to banned characters

---
 backend/scopeBackend/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/scopeBackend/views.py b/backend/scopeBackend/views.py
index 057e130..4296de3 100644
--- a/backend/scopeBackend/views.py
+++ b/backend/scopeBackend/views.py
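Review bot: In the first patch's hunk the added check indexes `request.data['name']` before `serializer.is_valid(raise_exception=True)` has run, so a body whose `name` is not a string (a JSON number or null, say) raises TypeError on the `in` test and comes back as a 500 rather than a 400; a missing `name` would raise KeyError unless code above the hunk already guards it. `create` begins outside the hunk, so I cannot see whether such a guard exists. Moving the rule into the serializer as a field validator, a `validate_name(self, value)` method that raises `serializers.ValidationError`, would run it after type checking and, if the same serializer handles renames, apply it on update paths too. A one-line comment saying why slashes are rejected (the name presumably ends up in a path or URL) would let the next maintainer judge what else needs excluding.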
@@ -274,8 +274,8 @@ def create(self, request):
 # create workspace and add creator to workspace
 serializer = self.get_serializer(data=request.data)
 
- # return error if name contains any forward or backward slashes
- if '/' in request.data['name'] or '\\' in request.data['name']:
+ # return error if name contains any forward or backward slashes or quotes
+ if '/' in request.data['name'] or '\\' in request.data['name'] or "\"" in request.data['name']:
 return Response({'error':'Workspace name cannot contain forward or backward slashes'}, status=status.HTTP_400_BAD_REQUEST)
 
 serializer.is_valid(raise_exception=True)
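Review bot: The error string in the second patch's hunk still reads 'Workspace name cannot contain forward or backward slashes' although the condition now also rejects double quotes, so a client whose name contains `"` is told the wrong reason; it should become something like `'Workspace name cannot contain slashes, backslashes or double quotes'`. The banned set has grown one character at a time, which suggests the name reaches a context where these characters are special; if so, a denylist is easy to leave incomplete (single quotes and control characters still pass), and checking the name against an allowed character set, or escaping or parameterising at the point of use, would be more robust. `"\""` can be written `'"'` to match the quoting of the other literals on that line.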