Input field validation

0
  Hi guys, How to prevent the user from entering this kind of scripts on the input fields <script>alert(1) </script> Is there any validation for this? Thanks in advance!!
asked
2 answers
0

Hello Karthikeyan C,

 

In mendix you can use different kinds of validation, you can add validation rules or you can create your validation with a micro- or nanoflow. 

 

For validating on certain text characters or other special characters you can probably use a regular expression.

 

Please take also a look at this learning path it goes in depth into the different validation tactics:

 

https://academy.mendix.com/link/modules/95/Ensuring-your-Data-is-Valid-and-Consistent 

 

Hope this helps

 

Good luck!

answered
0

If you're using native Mendix components for input, you don't have to worry about this type of injection, because they're always escaped so the scripts won't be executed.

 

If you use other components that allow direct access to your database, or make use of components that render things that the user typed (such as OQL or rich text), you do have to worry about sanitation. From the same page:

 

  • HTML content, usually derived from an HTML editor and displayed using an HTML viewer, format string, or an email client – these are the ways to avoid this abuse:

 

So you can use those to strip any malicious code from non-native Mendix components.

answered