https://bugs.kde.org/show_bug.cgi?id=485928

            Bug ID: 485928
           Summary: Input sanitisation in profile fields.
    Classification: Websites
           Product: bugs.kde.org
           Version: unspecified
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: database
          Assignee: sysad...@kde.org
          Reporter: 4wy78...@rokejulianlockhart.addy.io
                CC: she...@kde.org
  Target Milestone: ---
             Flags: performance-

Created attachment 168773
  --> https://bugs.kde.org/attachment.cgi?id=168773&action=edit
Issue.

SUMMARY
I received a message via e-mail today informing me that my strange choice to
use JSON in my name field had caused mail delivery issues and unsubscription
from a development mailing list. I'm mighty annoyed to have caused such a
thing, and hope to prevent it occurring in the future. Consequently, I propose
that some basic input sanitisation be implemented in the field entry forms to
prevent characters (or combinations thereof, although that seems infeasible to
test) which would cause issues being entered.

STEPS TO REPRODUCE
Don't do this, but inputting JSON in the name field shall cause problems.

OBSERVED RESULT
A user can cause problems to the mail server parsing, which ideally shouldn't
be possible.

EXPECTED RESULT
The input form should be sanitized to prevent a user entering problematic
characters.

ADDITIONAL INFORMATION
Attached is the original message, and a relevant message from a mail service
which might have encountered the same issue.

-- 
You are receiving this mail because:
You are watching all bug changes.
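
Added example, not part of the original report and not Bugzilla or KDE code: the report does not say how mail parsing failed, so this sketch assumes the profile name ends up as the display name of an address header. It shows an input-side check next to output-side quoting; the sample name, the address and the max_len limit are constructed.

```python
import unicodedata
from email.headerregistry import Address
from email.utils import getaddresses

# RFC 5322 "specials": they delimit address syntax, so a display name that
# contains any of them is only valid as a quoted-string.
SPECIALS = set('()<>[]:;@\\,."')

def check_display_name(name, max_len=64):
    """Input-side check: problems that quoting cannot fix (max_len is assumed)."""
    problems = []
    if not name.strip():
        problems.append("empty")
    if len(name) > max_len:
        problems.append("too long")
    if any(unicodedata.category(c) == "Cc" for c in name):
        problems.append("control character (includes CR/LF)")
    return problems

def needs_quoting(name):
    """Specials present in the name; a non-empty result means it must be quoted."""
    return sorted(set(name) & SPECIALS)

def naive_from(name, addr):
    """Unsafe: pastes the profile name into the header as-is."""
    return f"{name} <{addr}>"

def safe_from(name, addr):
    """Output-side fix: Address quotes the name and raises ValueError on CR/LF."""
    local, _, domain = addr.partition("@")
    return str(Address(display_name=name, username=local, domain=domain))

def parsed_addresses(header_value):
    """The addresses a receiving parser extracts from the header value."""
    return [a for _, a in getaddresses([header_value])]

if __name__ == "__main__":
    json_name = '{"name": "Example", "role": "dev"}'  # constructed sample
    addr = "user@example.org"                         # constructed sample
    print(check_display_name(json_name), needs_quoting(json_name))
    for build in (naive_from, safe_from):
        header = build(json_name, addr)
        print(build.__name__, "->", header, "->", parsed_addresses(header))
```

With the unquoted name, the colon and comma from the JSON are read as address-list syntax, so the parser no longer returns the single intended address; the quoted form round-trips to exactly one.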