Question

Input field validation

0

Hi guys, How to prevent the user from entering this kind of scripts on the input fields <script>alert(1) </script> Is there any validation for this? Thanks in advance!!

asked 2024-04-18

Karthikeyan C

2 answers

Jelle van Leeuwen · Answer 1 · 2024-04-18

Hello Karthikeyan C,

In mendix you can use different kinds of validation, you can add validation rules or you can create your validation with a micro- or nanoflow.

For validating on certain text characters or other special characters you can probably use a regular expression.

Please take also a look at this learning path it goes in depth into the different validation tactics:

https://academy.mendix.com/link/modules/95/Ensuring-your-Data-is-Valid-and-Consistent

Hope this helps

Good luck!

Eline Bijkerk · Answer 2 · 2024-04-18

If you're using native Mendix components for input, you don't have to worry about this type of injection, because they're always escaped so the scripts won't be executed.

If you use other components that allow direct access to your database, or make use of components that render things that the user typed (such as OQL or rich text), you do have to worry about sanitation. From the same page:

HTML content, usually derived from an HTML editor and displayed using an HTML viewer, format string, or an email client – these are the ways to avoid this abuse:
- Use the XSSSanitize action from the CommunityCommons Function Library module to strip malicious code from the entered HTML
- Display the value of an attribute as HTML or using the HTMLEncode function from the Community Commons Function Library module

So you can use those to strip any malicious code from non-native Mendix components.