
Title Sanitization

Open: donovanglover opened this issue 2 years ago • 1 comment

Should there be something in the spec mentioning how items must be valid filenames? Would prevent users from being able to create Areas/Categories/IDs that can't be created on the filesystem and stop directory traversal attacks based on how paths are implemented.

donovanglover, Dec 18 '23 19:12

A great observation, but the solution can't be to restrict titles: you need to be able to call your thing whatever you want, whether it includes /, :, or whatever else.

Perhaps we just note in the spec that this is an issue to be considered. And that the implementor of any application needs to work around it.

Perhaps with an official list of substitutions so at least they're consistent?

johnnydecimal, Dec 18 '23 23:12
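One way an implementor could apply the approach discussed in this thread, keeping titles unrestricted while mapping them to safe filenames through a fixed substitution table. This is an added example, not part of the issue or the spec; the table, `title_to_component` and `safe_path` are hypothetical, and no official substitution list exists on this page.

```python
import os
import unicodedata

# Hypothetical substitution table (not an official list): each character that
# is unsafe in a filename maps to a visually similar Unicode character.
SUBSTITUTIONS = {
    "/": "\u29f8",   # big solidus
    "\\": "\u29f9",  # big reverse solidus
    ":": "\ua789",   # modifier letter colon
    "*": "\u2217",   # asterisk operator
    "?": "\uff1f",   # fullwidth question mark
    '"': "\u201d",   # right double quotation mark
    "<": "\ufe64",   # small less-than sign
    ">": "\ufe65",   # small greater-than sign
    "|": "\u2223",   # divides
}

def title_to_component(title: str) -> str:
    """Map a free-form title to exactly one filesystem path component."""
    title = unicodedata.normalize("NFC", title)
    out = "".join(
        SUBSTITUTIONS.get(ch, ch)
        for ch in title
        if unicodedata.category(ch) != "Cc"  # drop control characters, incl. NUL
    )
    # Trailing dots and spaces are dropped by Windows; removing them also
    # reduces the special names "." and ".." to an empty string.
    out = out.lstrip(" ").rstrip(". ")
    if not out:
        raise ValueError(f"title {title!r} has no usable filename form")
    return out

def safe_path(root: str, *titles: str) -> str:
    """Join sanitized titles under root and confirm the result stays inside it."""
    root = os.path.realpath(root)
    path = os.path.realpath(
        os.path.join(root, *(title_to_component(t) for t in titles))
    )
    # Defence in depth: a symlink below root could still point outside it.
    if os.path.commonpath([root, path]) != root:
        raise ValueError("resolved path escapes the root directory")
    return path
```

The application keeps the original title as the displayed name and uses the mapped form only on disk. Windows reserved device names such as `CON` or `NUL` are not handled here.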