SIT-14401: Input Validation and Sanitization

How to Use This Feature

Strict Input Validation & Sanitize Message Box

Overview

This feature implements strict input validation and sanitizes the message box to prevent HTML injection attacks.

Behavior

* Name Fields: Only allow letters (a-zA-Z) in first and last name fields.

* Phone Field: Only allow numbers (0-9) and hyphens (-) in phone field.

* Message Box:

+ Maximum length: 100 characters

+ Allowed characters: Letters, numbers, spaces, punctuation marks (., !, ?, ', { }, -)

+ Forbidden characters: Stripped or blocked HTML tags (<, >, etc.)

* Input Validation: Strictly validates input fields to prevent errors and security breaches.

* Error Handling: Displays error messages for invalid input, including names, phone numbers, and message box content.
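The rules above, worked through as an added example that is not the project's own code: a small JavaScript form validator that enforces the name, phone and message-box constraints, strips complete HTML tags from the message, and blocks any stray `<` or `>` that survives stripping. The function names, field names and error wording are assumptions; the ticket does not specify the implementation.

```javascript
// Added example, not the ticket's own code. Function names, field names and
// error messages are assumptions; only the rules come from the ticket.

const NAME_RE = /^[A-Za-z]+$/;   // first/last name: letters only, at least one
const PHONE_RE = /^[0-9-]+$/;    // phone: digits and hyphens only
// Message box: letters, digits, spaces and the listed punctuation . ! ? ' { } -
const MESSAGE_RE = /^[A-Za-z0-9 .!?'{}-]*$/;
const MESSAGE_MAX = 100;

// Remove complete HTML tags such as <b>...</b>. A lone '<' or '>' that is not
// part of a tag survives this step and is then rejected by MESSAGE_RE, so tags
// are stripped and stray angle brackets are blocked.
function stripTags(text) {
  return text.replace(/<[^>]*>/g, '');
}

// Returns null when the value is acceptable, otherwise an error message.
function validateName(value, label) {
  return NAME_RE.test(value) ? null : `${label} may only contain letters (a-z, A-Z).`;
}

function validatePhone(value) {
  return PHONE_RE.test(value) ? null : 'Phone may only contain digits (0-9) and hyphens (-).';
}

// Returns { error, sanitized }; error is null when the message is acceptable.
// Length is checked on the raw input, so tags count toward the 100-character limit.
function validateMessage(value) {
  if (value.length > MESSAGE_MAX) {
    return { error: `Message may not exceed ${MESSAGE_MAX} characters.`, sanitized: null };
  }
  const sanitized = stripTags(value);
  if (!MESSAGE_RE.test(sanitized)) {
    return { error: 'Message contains characters that are not allowed.', sanitized: null };
  }
  return { error: null, sanitized };
}

// Validate a whole submission. Returns ok, a per-field error map suitable for
// display next to the fields, and the sanitized values when everything passed.
function validateForm(form) {
  const errors = {};
  const firstErr = validateName(form.firstName, 'First name');
  if (firstErr) errors.firstName = firstErr;
  const lastErr = validateName(form.lastName, 'Last name');
  if (lastErr) errors.lastName = lastErr;
  const phoneErr = validatePhone(form.phone);
  if (phoneErr) errors.phone = phoneErr;
  const msg = validateMessage(form.message);
  if (msg.error) errors.message = msg.error;
  const ok = Object.keys(errors).length === 0;
  return {
    ok,
    errors,
    sanitized: ok
      ? { firstName: form.firstName, lastName: form.lastName, phone: form.phone, message: msg.sanitized }
      : null,
  };
}

// Constructed sample submission (not real data) exercising the tag-stripping path.
const sampleForm = {
  firstName: 'Jane',
  lastName: 'Doe',
  phone: '555-0100',
  message: 'Hi <i>there</i>. Ok?',
};
console.log(JSON.stringify(validateForm(sampleForm)));
```

Note that a comma is not in the ticket's allowed punctuation list, so `MESSAGE_RE` rejects it; extend the character class if the revised requirements add characters.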

Scenario Testing

The feature is tested with various scenarios, including:

* Valid input (letters, numbers, spaces, punctuation marks)

* Invalid input (HTML injection, excessive characters)

* Phone number validation

* Message box length constraint

Improvements

The feature has been improved to allow for more reasonable inputs, such as valid names and phone numbers. The requirements have also been revised to balance security with user experience.

Status

Pending UAT deployment.

Additional Information

Status: Pending UAT Deployment
Assigned to: Alefe Mafra