[GRASS-dev] GSoC 2014: GRAS GIS Web UI

Glynn Clements glynn at gclements.plus.com
Mon Mar 10 09:02:00 PDT 2014


epi wrote:

> I guess the code behind the web-ui has to sanitize each text entry,
> will be this enough ?
> 
> A "sanitize inspection" on all the "input" coming from the web-ui
> can be performed and this will be part of the UI itself, not of the
> grass modules. with the aim to avoid people doing something like .. 
> http://xkcd.com/327/ ;)

That's the main thing.

If you allow the user to e.g. provide names for maps, such names
should be limited to alphanumeric characters and limited to a
reasonable length.

If you allow the user to provide a list of inputs, limit both the
maximum number of items and the total length of the resulting textual
representation.

And so on.

In short, GRASS modules are designed for use by local users who
already have shell access, so there hasn't been any need to program
defensively. The OS prevents people from e.g. reading or writing files
which they aren't supposed to.

-- 
Glynn Clements <glynn at gclements.plus.com>
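The limits Glynn describes (map names restricted to alphanumerics and a bounded length; a list of inputs bounded in both item count and total textual length) in working form, as an added example that is not code from the thread or from GRASS GIS. The concrete limits (64 characters, 50 items, 2048 characters of joined text), the allow-list of exposed modules and the underscore in the map-name character class are assumptions for the example; the post itself only says "alphanumeric" and "reasonable". The invocation helper builds an argv list rather than a shell string, so the validation is the only layer that ever sees the raw field values.

```python
import re
import subprocess  # shown only for the argv-list call shape; nothing is run at import

# Limits assumed for this example (the post only says "reasonable"); a real UI
# would tune them. Underscore is allowed alongside alphanumerics because GRASS
# map names commonly contain it (an assumption beyond the post's wording).
MAP_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")
MAX_LIST_ITEMS = 50
MAX_LIST_TEXT_LEN = 2048
# Hypothetical allow-list of modules the UI exposes; a real UI would own this.
ALLOWED_MODULES = frozenset({"r.info", "r.mapcalc", "v.info", "g.list"})
PARAM_KEY_RE = re.compile(r"[a-z][a-z0-9_]*")


class InvalidInput(ValueError):
    """Raised when a web-UI field fails validation; the request is refused."""


def validate_map_name(name):
    """Accept only short alphanumeric map names; reject everything else."""
    if not isinstance(name, str) or not MAP_NAME_RE.fullmatch(name):
        raise InvalidInput("map name must be 1-64 characters from [A-Za-z0-9_]")
    return name


def validate_map_list(items):
    """Bound both the item count and the joined length before any module sees it."""
    if not isinstance(items, (list, tuple)):
        raise InvalidInput("map list must be a list")
    if len(items) > MAX_LIST_ITEMS:
        raise InvalidInput(f"at most {MAX_LIST_ITEMS} maps per request")
    names = [validate_map_name(item) for item in items]
    joined = ",".join(names)  # the textual form a module option would receive
    if len(joined) > MAX_LIST_TEXT_LEN:
        raise InvalidInput(f"map list text exceeds {MAX_LIST_TEXT_LEN} characters")
    return names


def build_argv(module, params):
    """Build an argv list (never a shell string) from already-validated values."""
    if module not in ALLOWED_MODULES:
        raise InvalidInput(f"module {module!r} is not exposed by the UI")
    argv = [module]
    for key, value in params.items():
        if not PARAM_KEY_RE.fullmatch(key):
            raise InvalidInput(f"bad parameter name {key!r}")
        argv.append(f"{key}={value}")
    return argv


def rejects(validator, value):
    """True if validator refuses value; usable for tests and for UI feedback."""
    try:
        validator(value)
    except InvalidInput:
        return True
    return False


def run_module(module, params):
    """How the UI would invoke GRASS: argv list, no shell, so no metacharacters."""
    argv = build_argv(module, params)
    return subprocess.run(argv, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed sample requests, not data from the thread.
    print(build_argv("r.info", {"map": validate_map_name("elevation_2014")}))
    print(rejects(validate_map_name, "elevation; echo hi"))  # True: rejected
    print(rejects(validate_map_list, ["x" * 64] * 40))       # True: joined text too long
```

The two checks in `validate_map_list` are deliberately separate: a request can stay under the item cap and still exceed the text cap (40 names of 64 characters join to 2599 characters), which is exactly the case the post's "total length of the resulting textual representation" covers.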