Validate entire query param contents for unexpected characters #570

notlee · 2022-02-11T18:46:44Z

Currently we split the component query parameter into name/version before validating.
This allowed an invalid component name to be passed through if it contained an
@ symbol e.g. @financial-times/o-table@[naughty]@^0.0.1

This PR ignores anything after the first @. It would be better/safer
to validate the whole parameter content first before processing.
#569

The text was updated successfully, but these errors were encountered:

origamiserviceuser added this to Backlog in Origami ✨ Feb 11, 2022

github-actions bot added the service Relates to an Origami service label Feb 11, 2022

notlee added the next planning Used to mark an issue to discuss in Origami's next six-week planning session label Feb 11, 2022

KamranMuniree moved this from Backlog to To Do in Origami ✨ Jul 28, 2022

KamranMuniree assigned notlee and akomiqaia Jul 28, 2022

KamranMuniree removed the next planning Used to mark an issue to discuss in Origami's next six-week planning session label Jul 28, 2022

KamranMuniree added the next planning Used to mark an issue to discuss in Origami's next six-week planning session label Aug 30, 2022

KamranMuniree moved this from To Do to Backlog in Origami ✨ Aug 30, 2022

notlee removed the next planning Used to mark an issue to discuss in Origami's next six-week planning session label Jan 27, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validate entire query param contents for unexpected characters #570

Validate entire query param contents for unexpected characters #570

notlee commented Feb 11, 2022 •

edited

Validate entire query param contents for unexpected characters #570

Validate entire query param contents for unexpected characters #570

Comments

notlee commented Feb 11, 2022 • edited

notlee commented Feb 11, 2022 •

edited