Input injection for signup table #150

Closed
NilsJacobsen opened this issue Mar 14, 2023 · 2 comments

@NilsJacobsen
Member

Fix what Marc suggested

@NilsJacobsen NilsJacobsen mentioned this issue Mar 14, 2023
20 tasks
@NiklasBuchfink
Contributor

image

Error message, with invalid string

@NiklasBuchfink
Contributor

According to ChatGPT:
"Airtable prevents SQL injections by treating the filter formulas of the select() method as a special JSON query syntax instead of converting them directly to SQL. This JSON syntax is then converted into a secure query to the Airtable API.

SQL special characters such as quotes, semicolons, or comments cannot be used in Airtable filter formulas, which prevents SQL injections. Instead, Airtable provides a set of functions and operators that can be used in the filter formula to perform complex queries."

Added a syntax check for the email format to the Airtable request.
The input field itself also rejects malicious emails.

For this reason, I will close this issue.
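
One way to implement the email syntax check described in the comment above, as an added example that is not the project's own code. The field name `Email`, the function names and the sample inputs are assumptions; the formula string is meant for the `filterByFormula` option of `select()`.

```javascript
// Added example (not from the project): validate an email address before it
// is interpolated into an Airtable filterByFormula string.
// Assumption: the signup table has a field named "Email".

// Allow-list pattern: no quotes, backslashes, parentheses, commas or spaces,
// so a value that passes cannot close the string literal in the formula.
const EMAIL_RE = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function isValidEmail(input) {
  return typeof input === "string" && input.length <= 254 && EMAIL_RE.test(input);
}

// Second layer: escape backslashes and double quotes for a formula string
// literal, in case the allow-list is ever relaxed.
function escapeFormulaString(value) {
  return value.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
}

// Returns the formula string, or throws if the input is not a plain email.
function buildEmailFilter(input) {
  if (!isValidEmail(input)) {
    throw new Error("invalid email format");
  }
  return `{Email} = "${escapeFormulaString(input)}"`;
}

// Constructed sample inputs: one normal address and three malformed strings.
const SAMPLES = [
  "alice@example.com",
  'x" , TRUE(), "',
  'bob@example.com", 1=1, "',
  "carol@example",
];

function checkSamples() {
  return SAMPLES.map((input) => {
    try {
      return { input, accepted: true, formula: buildEmailFilter(input) };
    } catch (err) {
      return { input, accepted: false, error: err.message };
    }
  });
}

console.log(checkSamples());
```

The check runs server-side on the value that reaches the Airtable request, independently of whatever the browser input field enforces.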
