URL fields should be restricted to URLs
Bug #522460 reported by
William Grant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
IVLE |
Fix Released
|
High
|
William Grant |
Bug Description
We have a few URL fields in the database. Ensure that they are restricted to valid, non-malicious (eg. protocol is not javascript:) strings at both the DB and form validation layers.
- offering.url
- project.url
Related branches
Changed in ivle: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Neither has been set in production. Both are enforced at the form layer. It's a bit difficult to enforce at the DB layer, so we won't do that for now.