green-metrics-tool
Putting ' or " in the URI field can break the admin
When putting in the URI https://broken-uri'.de, the admin will flake.
The problem is that it uses the URL as the identifier for the table row.
I propose a better sanitization mechanism that does not even allow inserting fields into the DB that have been replaced.
The method relevant for this is /v1/project/add
- In a second step a different field should be used for the identifier of the `td` row. Most likely a hash is more apt here. Technically anything that does not have an `'` or `"` in it should work, which is by design the case for URIs.
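
A sketch of the two steps proposed above, as an added example that is not part of the original issue or the project's code: the submitted URI is rejected rather than rewritten when it contains characters such as `'` or `"`, and the row identifier is derived from a hash instead of the raw URL. The names `validate_project_uri`, `row_id` and `InvalidURI` are hypothetical, and restricting input to http(s) URIs is an assumption.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Characters that never belong in a stored URI: quotes, angle brackets,
# backslash, backtick, whitespace and control characters.
_FORBIDDEN = re.compile(r"""['"<>\\`\s\x00-\x1f\x7f]""")
_ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web URIs are accepted


class InvalidURI(ValueError):
    """Raised instead of silently rewriting the submitted value."""


def validate_project_uri(uri: str) -> str:
    """Return the URI unchanged if acceptable, otherwise raise InvalidURI."""
    match = _FORBIDDEN.search(uri)
    if match:
        raise InvalidURI(
            f"forbidden character {match.group()!r} at offset {match.start()}"
        )
    try:
        parts = urlsplit(uri)
    except ValueError as exc:  # e.g. malformed bracketed host
        raise InvalidURI(str(exc)) from exc
    if parts.scheme.lower() not in _ALLOWED_SCHEMES or not parts.hostname:
        raise InvalidURI("expected an http(s) URI with a host")
    return uri


def row_id(uri: str) -> str:
    """Identifier for the table row: a fixed prefix plus hex digits only,
    so it cannot contain a quote regardless of what the URI holds."""
    return "row-" + hashlib.sha256(uri.encode("utf-8")).hexdigest()[:16]


if __name__ == "__main__":
    # Constructed sample inputs; the second is the URI from the report.
    for candidate in ("https://example.com/repo.git", "https://broken-uri'.de"):
        try:
            validate_project_uri(candidate)
            print("accepted", candidate, "->", row_id(candidate))
        except InvalidURI as exc:
            print("rejected", candidate, "->", exc)
```

Hashing the identifier also keeps rows already stored with a quote in the URI addressable in the admin, since `row_id` never echoes the input.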