Username is not sanitized on registration #955

Closed
@apps-caraga


I'm using dbAuth for a project, and one issue I encounter is that the username is not sanitized even if the sanitation middleware is active. For example, a user can input usernames with HTML tags such as <h1>bigname or <marquee>runningname</marquee>, and this gets inserted into the database as-is. I'm using the sanitation middleware per the basic example. Any idea how to sanitize the username on registration?

SanitationMiddleware config

'middlewares' => 'sanitation,dbAuth,authorization',
'sanitation.tables' => 'all',
'sanitation.handler' => function ($operation, $tableName, $column, $value) {
    return is_string($value) ? strip_tags($value) : $value;
},

The middleware sanitizes/strips HTML tags from other inputs during updating but not on user creation.
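
One way to guard the registration path independently of the middleware, as an added example that is not part of the original issue or of the project's code: it reuses the handler callback from the config above and adds an allowlist check before the username is stored. The function name `clean_username`, the `users` table name, the arguments passed to the handler and the username policy are assumptions.

```php
<?php
declare(strict_types=1);

// Same callback as the 'sanitation.handler' in the issue's config.
$handler = function ($operation, $tableName, $column, $value) {
    return is_string($value) ? strip_tags($value) : $value;
};

/**
 * Hypothetical guard (not part of the project): run the handler on a
 * username and accept it only if it was left unchanged and matches an
 * allowlist. Returns the username to store, or null to reject.
 */
function clean_username(callable $handler, string $raw, string $table = 'users'): ?string
{
    $raw = trim($raw);
    // 'create' and the plain column name are assumed argument values.
    $stripped = $handler('create', $table, 'username', $raw);
    if (!is_string($stripped) || $stripped !== $raw) {
        return null; // markup was present; refuse rather than silently rename
    }
    // Assumed policy: 3-32 characters of letters, digits, '.', '_' or '-'.
    return preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', $raw) === 1 ? $raw : null;
}

// Constructed sample input; the first two are the usernames from the issue.
$samples = ['<h1>bigname', '<marquee>runningname</marquee>', 'big.name_01', 'a<b'];

foreach ($samples as $input) {
    $stored = clean_username($handler, $input);
    // Encode on output as well, so rows stored before the guard render inertly.
    $shown = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    printf("%-40s => %s\n", $shown, $stored === null ? 'REJECTED' : 'stored as ' . $stored);
}
```

Rejecting changed input, rather than storing the stripped value, avoids registering an account under a name the user did not type.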
