bot icon indicating copy to clipboard operation
bot copied to clipboard

Published 20 hours ago verified publisher icon discord-tickets

Server-side API validation

Open eartharoid opened this issue 2 years ago • 1 comments

Client-side validation is fine for private bots but server-side validation is needed for two reasons:

  • lack of validation can be abused to create a lot of errors on the public bot
  • HTML/browser validation doesn't work on the questions & options inputs as hidden form inputs are not validated, meaning you can accidentally submit the form with empty required fields

Use joi schemas.

eartharoid avatar Aug 02 '22 20:08 eartharoid

Also improve client-side validation (especially for questions), perhaps with https://developer.mozilla.org/en-US/docs/Web/HTML/Constraint_validation (https://www.freecodecamp.org/news/form-validation-with-html5-and-javascript/).

eartharoid avatar May 26 '23 20:05 eartharoid