SIT-14401: Input Validation and Sanitization for

How to Use This Feature

Strict Input Validation & Sanitize Message Box Feature

Overview

This feature implements strict input validation for user inputs in various fields, including name, phone number, and message box. The goal is to prevent HTML injection attacks and ensure that only valid characters are accepted.

Validation Rules

* Name Fields: Only letters (a-zA-Z) are allowed.

* Phone Field: Only numbers (0-9) and hyphens (-) are allowed.

* Message Box:

+ Maximum length: 100 characters

+ Allowed characters: letters, numbers, spaces, and the punctuation marks . , ! ? ' { } -

+ Forbidden characters: any other character (which includes the < and > needed to form HTML tags) is rejected or stripped, so HTML tags cannot reach the page

Regex Patterns

* First Name: regex: ^[\p{L}]+([\p{L}' -]*[\p{L}])?$

* Last Name: regex: ^[\p{L}]+([\p{L}'. -]*[\p{L}])?$

* Country Code: regex: ^\+[1-9]\d{0,2}$

* Mobile Number (for country code "+1"): regex: ^(\d{6,15}|\d{3}-\d{3}-\d{4})$

* Message Box: regex: ^[\p{L}\p{N} .,!?'{}-]{0,100}$ (the allowed characters listed above, at most 100 of them; note that \p{…} classes, here and in the name patterns, require the u flag in JavaScript)
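The following is an added example, not the project's own code: it builds field validators from the regex patterns above and a message-box sanitizer that strips every character outside the allowed list and truncates to 100 characters, then checks a whole form the way the Behavior section describes. The function names, the "Invalid input" error strings and the sample inputs are assumptions made for the example.

```javascript
// Added example (not the project's code). Assumptions: the message allow-list is
// exactly the characters under "Validation Rules"; the mobile-number pattern shown
// for country code "+1" is applied to every number; error strings are illustrative.

const PATTERNS = {
  // \p{L} / \p{N} need the u flag in JavaScript.
  firstName: /^[\p{L}]+([\p{L}' -]*[\p{L}])?$/u,
  lastName: /^[\p{L}]+([\p{L}'. -]*[\p{L}])?$/u,
  countryCode: /^\+[1-9]\d{0,2}$/,
  mobileNumber: /^(\d{6,15}|\d{3}-\d{3}-\d{4})$/,
  // Message box: only the allowed characters, at most 100 of them.
  message: /^[\p{L}\p{N} .,!?'{}-]{0,100}$/u,
};

const MAX_MESSAGE_LENGTH = 100;

// True when the value is a string matching the pattern for the named field.
function isValid(field, value) {
  const pattern = PATTERNS[field];
  if (!pattern) throw new Error(`unknown field: ${field}`);
  return typeof value === 'string' && pattern.test(value);
}

// Removes every character outside the message allow-list, then truncates.
// Because '<' and '>' are not allowed, no HTML tag can survive sanitization.
function sanitizeMessage(value) {
  const stripped = String(value).replace(/[^\p{L}\p{N} .,!?'{}-]/gu, '');
  // Count code points, not UTF-16 units, to match the {0,100} quantifier.
  return [...stripped].slice(0, MAX_MESSAGE_LENGTH).join('');
}

// Validates a whole form and returns { ok, errors, sanitizedMessage } for the UI.
function validateForm(form) {
  const errors = {};
  for (const field of ['firstName', 'lastName', 'countryCode', 'mobileNumber']) {
    if (!isValid(field, form[field])) errors[field] = 'Invalid input';
  }
  const raw = String(form.message ?? '');
  if ([...raw].length > MAX_MESSAGE_LENGTH) {
    errors.message = 'Message exceeds 100 characters';
  } else if (!isValid('message', raw)) {
    errors.message = 'Message contains disallowed characters';
  }
  return {
    ok: Object.keys(errors).length === 0,
    errors,
    sanitizedMessage: sanitizeMessage(raw),
  };
}

// Constructed sample: a valid submission and an HTML-injection attempt.
const validSubmission = {
  firstName: "O'Brien", lastName: 'Lee', countryCode: '+1',
  mobileNumber: '555-123-4567', message: 'Hello, is this available?',
};
const injectionAttempt = { ...validSubmission, message: '<script>alert(1)</script>' };
console.log(validateForm(validSubmission));
console.log(validateForm(injectionAttempt));
```

Validation rejects the injection attempt before "Send" proceeds; sanitizeMessage is the fallback for any path that must display the text anyway, and for `<script>alert(1)</script>` it yields `scriptalert1script`, since every angle bracket, parenthesis and slash is outside the allow-list.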

Behavior

  • User input is validated against the above rules.
  • If invalid input is detected, an error message is displayed.
  • The system sanitizes the message box to prevent HTML injection attacks.
  • The "Send" action proceeds successfully if the input is valid.

Scenarios

The feature includes several scenarios to test its behavior, including:

  • Valid user input
  • Invalid user input (e.g., HTML injection)
  • Validation of first/last name and phone number fields
  • Message length constraint

Additional Information

Status: UAT
Assigned to: Harry Orenstein