Open
Security Finding
Severity: HIGH
Location: src/pages/Settings.js:72-80
CWE: CWE-20 (Improper Input Validation)
Description
Email and URL fields accept input without proper validation:
- No email format validation
- No URL scheme validation (could accept javascript: URLs)
- No length limits
Recommended Fix
- Add regex validation for email format
- Validate URL scheme (https:// only)
- Add length limits on all inputs
- Implement form validation library (zod recommended)
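An added example of the recommended checks in plain JavaScript (not code from the repository or from the Arcanum review): it assumes the form holds fields named `email` and `website`, uses the built-in URL parser instead of a validation library so it runs stand-alone, and the length limits are assumptions.

```javascript
// Added example: validation for the Settings form's email and URL fields,
// covering the three gaps in the finding (email format, URL scheme, length).
// Field names and limits below are assumptions, not the project's values.

const MAX_EMAIL_LENGTH = 254;  // practical upper bound for a mailbox address
const MAX_URL_LENGTH = 2048;   // assumed limit; generous for real links

// Deliberately simple: one local part, one "@", a dotted domain, no whitespace.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function validateEmail(value) {
  if (typeof value !== "string") return { ok: false, error: "email must be a string" };
  const email = value.trim();
  if (email.length === 0) return { ok: false, error: "email is required" };
  if (email.length > MAX_EMAIL_LENGTH) return { ok: false, error: "email is too long" };
  if (!EMAIL_RE.test(email)) return { ok: false, error: "email format is invalid" };
  return { ok: true, value: email };
}

// Parse with the URL constructor, then allow only the https: scheme. This rejects
// javascript:, data:, file: and bare hostnames with no scheme at all.
function validateUrl(value) {
  if (typeof value !== "string") return { ok: false, error: "url must be a string" };
  const raw = value.trim();
  if (raw.length === 0) return { ok: true, value: "" }; // assumed optional field
  if (raw.length > MAX_URL_LENGTH) return { ok: false, error: "url is too long" };
  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    return { ok: false, error: "url is not well-formed" };
  }
  if (parsed.protocol !== "https:") return { ok: false, error: "url must use https://" };
  if (parsed.hostname.length === 0) return { ok: false, error: "url must have a host" };
  return { ok: true, value: parsed.href };
}

// Validate the whole form; returns field-keyed errors the way a form library would.
function validateSettings(form) {
  const email = validateEmail(form.email);
  const url = validateUrl(form.website);
  const errors = {};
  if (!email.ok) errors.email = email.error;
  if (!url.ok) errors.website = url.error;
  return { valid: Object.keys(errors).length === 0, errors };
}
```

Run the same rules on the server side as well; client-side checks alone can be bypassed.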
References
- Arcanum Anti-Patterns: Missing Input Validation (Priority Implement Basic User Authentication #6)
- OWASP: Input Validation
Found by Arcanum sec-context security review