Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update handle validation method to limit to: ^[a-z0-9_]+$ #17

Closed
mnaamani opened this issue Mar 26, 2019 · 1 comment
Closed

update handle validation method to limit to: ^[a-z0-9_]+$ #17

mnaamani opened this issue Mar 26, 2019 · 1 comment
Labels
security

Comments

@mnaamani
Copy link
Member

regex package from crates.io doesn't compile to wasm, so need alternative or roll our own.
@siman siman changed the title update handle validation method to limit to: a-zA-Z0-9 update handle validation method to limit to: ^[a-z0-9_]+$ Mar 26, 2019
@siman
Copy link
Contributor

siman commented Mar 26, 2019

The safest regex for usernames/handles/slugs would be ^[a-z0-9_]+$. They should be in lowercase because of the same reason why domain names are in lowercase.

Imagine all these domains are different:
apple
Apple
aPPle
APPLE
...

if they are handled as different names then we are in trouble with squatters.

@siman siman added the security label Mar 26, 2019
shamil-gadelshin pushed a commit to shamil-gadelshin/joystream-network that referenced this issue Mar 9, 2020
@bedeho
Merge pull request Joystream#17 from shamil-gadelshin/fix_application…
cd31dbb 
…_rationioning_policy_bug

Fix bug with zero 'max_active_applicants' parameter
shamil-gadelshin pushed a commit to shamil-gadelshin/joystream-network that referenced this issue Mar 9, 2020
@mnaamani
Merge pull request Joystream#17 from bedeho/test-reorg
5ab4944 
Improve tests
This was referenced May 1, 2020
Closed
Closed
Closed
Closed
@bedeho bedeho closed this as completed Jan 22, 2021
@bedeho bedeho mentioned this issue Nov 27, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@siman @bedeho @mnaamani