SIT-14401: Input Validation and Sanitization Tool

How to Use This Feature

Strict Input Validation and Sanitize Message Box Feature

Overview

This feature implements strict input validation for various fields in the system, including name, phone number, message box, and first/last name. The goal is to prevent HTML injection attacks and ensure that user input conforms to specific character sets.

Validation Rules

* Name Fields: Only letters and apostrophes are allowed.

* Phone Field: Only numbers and hyphens are allowed.

* Message Box:

+ Maximum length: 100 characters

+ Allowed characters: Letters, numbers, spaces, and the punctuation marks period (.), comma (,), exclamation mark (!), question mark (?), and apostrophe (')

+ Forbidden: HTML tags, and whitespace at the start or end of the message

* First Name: Allows international Unicode characters plus space, apostrophe, or dash.

* Last Name: Allows international Unicode characters plus apostrophe, period, space, or dash.

* Country Code: Requires a 1-3 digit code (defaults to "+1" for the US).

* Mobile Number: Flexible for international formats; uses the libphonenumber library for strict validation.

Behavior

  • User input is validated against the specified character sets.
  • If input is invalid, an error message is displayed and the input is rejected.
  • The system sanitizes HTML tags in the message box to prevent injection attacks.
  • Input length is checked and truncated if necessary.
  • The system allows reasonable inputs for name, phone number, and message text.
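The rules and behaviour above, written out as an added Python example. This is not code from the ticket or the project (the project's implementation language is not stated here); the function names, error strings, and the simplified `validate_mobile` format check that stands in for the libphonenumber validation the ticket mentions are assumptions, while the regular expressions are a direct reading of the rules listed. Sample inputs in the comments are constructed.

```python
import re

MAX_MESSAGE_LEN = 100  # Message Box maximum length from the rules

# Character-set rules as stated in the ticket (ASCII-only fields).
NAME_RE = re.compile(r"^[A-Za-z']+$")             # Name Fields: letters and apostrophes
PHONE_RE = re.compile(r"^[0-9-]+$")               # Phone Field: digits and hyphens
MESSAGE_RE = re.compile(r"^[A-Za-z0-9 .,!?']+$")  # Message Box: letters, digits, space, . , ! ? '
COUNTRY_CODE_RE = re.compile(r"^\+?[0-9]{1,3}$")  # Country Code: 1-3 digits, optional leading +
TAG_RE = re.compile(r"<[^>]*>")                   # HTML tags to strip from the message box

# Punctuation the Unicode name fields allow in addition to letters.
FIRST_NAME_EXTRA = set(" '-")   # space, apostrophe, dash
LAST_NAME_EXTRA = set(" '.-")   # space, apostrophe, period, dash


def validate_name(value):
    """Name Fields rule. Returns None when valid, otherwise an error message."""
    if not NAME_RE.fullmatch(value):
        return "Name may contain only letters and apostrophes."
    return None


def validate_phone(value):
    """Phone Field rule: digits and hyphens only (e.g. constructed '555-1234')."""
    if not PHONE_RE.fullmatch(value):
        return "Phone number may contain only digits and hyphens."
    return None


def validate_first_name(value):
    """First Name rule. str.isalpha() accepts letters from any script, so
    accented and non-Latin names (constructed 'José María') pass."""
    if not value or not all(ch.isalpha() or ch in FIRST_NAME_EXTRA for ch in value):
        return "First name may contain only letters, spaces, apostrophes, or dashes."
    return None


def validate_last_name(value):
    """Last Name rule: letters plus apostrophe, period, space, or dash."""
    if not value or not all(ch.isalpha() or ch in LAST_NAME_EXTRA for ch in value):
        return "Last name may contain only letters, spaces, apostrophes, periods, or dashes."
    return None


def normalize_country_code(value):
    """Country Code rule: 1-3 digits; empty input defaults to +1 (US).
    Returns the normalized '+NNN' string, or None when invalid."""
    value = value.strip()
    if not value:
        return "+1"
    if not COUNTRY_CODE_RE.fullmatch(value):
        return None
    return "+" + value.lstrip("+")


def validate_mobile(value):
    """Assumption: a lenient format check standing in for the libphonenumber
    validation named in the ticket; it is NOT a numbering-plan lookup.
    Accepts an optional leading '+', digits, spaces, hyphens and parentheses,
    with 7 to 15 digits in total (15 is the E.164 maximum)."""
    if not re.fullmatch(r"\+?[0-9 ()-]+", value):
        return "Mobile number contains unexpected characters."
    digit_count = sum(ch.isdigit() for ch in value)
    if not 7 <= digit_count <= 15:
        return "Mobile number must contain 7 to 15 digits."
    return None


def sanitize_message(raw):
    """Behaviour section: strip HTML tags, then truncate to the maximum length."""
    return TAG_RE.sub("", raw)[:MAX_MESSAGE_LEN]


def validate_message(message):
    """Message Box rule, applied to an already-sanitized message."""
    if message != message.strip():
        return "Message may not start or end with whitespace."
    if not MESSAGE_RE.fullmatch(message):
        return "Message may contain only letters, digits, spaces and . , ! ? '"
    return None


def process_message(raw):
    """Sanitize first, then validate. Returns (sanitized_message, error_or_None).
    Constructed input 'Hello <b>world</b>!' becomes ('Hello world!', None);
    '<script>alert(1)</script>' is stripped to 'alert(1)' and then rejected,
    because parentheses are outside the allowed character set."""
    clean = sanitize_message(raw)
    return clean, validate_message(clean)
```

Note the division of labour: tag stripping removes markup, but the character-set whitelist is what actually guarantees that no `<`, `>` or `&` survives into stored data. Because stripping is lossy and truncation can cut a message mid-word, the sanitized value should be shown back to the user, and output encoding at render time is still required regardless of input validation.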
Changes

  • Revised validation rules to allow more flexibility and international Unicode characters.
  • Implemented character set restrictions for name fields, phone field, and message box.
  • Added sanitization of HTML tags in the message box.
Additional Information

    Status: Pending UAT Deployment
    Assigned to: Alefe Mafra