alaveteli icon indicating copy to clipboard operation
alaveteli copied to clipboard

Published 20 hours ago verified publisher icon mysociety

Don't accept invalid URLs

Open WilliamWDTK opened this issue 2 years ago • 2 comments

See the history of https://www.whatdotheyknow.com/admin/bodies/1001

An invalid URL (banana) for disclosure log was accepted, and led to https://www.whatdotheyknow.com/body/banana.

I perhaps should not have tested it on a live, body, but it has now been reverted.

WilliamWDTK avatar Jul 24 '22 21:07 WilliamWDTK

+1 I've accidentally pasted tags into the homepage field before, which this would've prevented.

FOIMonkey avatar Jul 25 '22 05:07 FOIMonkey

This would tackle the case of accidentally putting an email address into these fields.

It leads me to wonder about further validation eg. rejecting a notes or tags field containing just a URL or email address.

Also consider if we want validation on the CSV upload or just the admin create/edit form.

RichardTaylor avatar Jul 25 '22 14:07 RichardTaylor

I'd say ideally on CSV too, but I imagine that would increase timeouts on WDTK, which is a separate issue.

WilliamWDTK avatar Aug 18 '22 22:08 WilliamWDTK