Topic: It's possible for user to put some random values into restricted Date and Select
pavelpossiblep free asked 1 year ago
When `data-mdb-toggle="datepicker"` is set on a date field and the user clicks it, the datepicker shows up. This is relatively convenient to use to restrict the user from putting in wrong kinds of data (e.g. letters instead of digits etc.). It seems to be obvious that in this case most attempts to put wrong data in should be blocked.
However, if you click and hold, you will be able to type in the field freely. Also, you can paste anything into this field from the clipboard using the same exploit.
Similar problem appears for Selects. If you put "data-mdb-validation="true"" on your the caret appears when you click on it. This allows you to paste any data to the field without changing the selected option value which leads the user to submitting incorrect data.
Here's a snippet I made. It also has the description of problems: https://mdbootstrap.com/snippets/standard/pavelpossiblep/3153162
Grzegorz Bujański staff answered 1 year ago
Thanks for reporting this. We will fix it as soon as possible
- User: Free
- Premium support: No
- Technology: MDB Standard
- MDB Version: MDB5 3.8.0
- Device: any
- Browser: any
- OS: any
- Provided sample code: No
- Provided link: Yes
UNNdev priority commented 1 year ago
You can not only paste in the Select, but using the context menu also insert emojis or delete text. :(
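The thread shows that the datepicker and Select widgets can be bypassed by typing, pasting or the context menu, so the submitted values need their own check before they are accepted. The following is an added example, not code from the thread or from MDB: it re-validates a date string and a select value/text pair, and the `dd/mm/yyyy` format, the field names and the option list are assumptions made for illustration.

```javascript
// Added example: validate values from a datepicker input and a select
// independently of the widget. ALLOWED_OPTIONS and the field names
// (date, selectValue, selectText) are hypothetical.
const ALLOWED_OPTIONS = new Map([["1", "One"], ["2", "Two"], ["3", "Three"]]);

// Strict dd/mm/yyyy parse: rejects letters, emojis, extra text and impossible dates.
function parseStrictDate(text) {
  const m = /^(\d{2})\/(\d{2})\/(\d{4})$/.exec(text);
  if (!m) return null;
  const [day, month, year] = [Number(m[1]), Number(m[2]), Number(m[3])];
  const d = new Date(Date.UTC(year, month - 1, day));
  // Date silently rolls 31/02 over into March, so compare the parts back.
  const same = d.getUTCFullYear() === year &&
    d.getUTCMonth() === month - 1 && d.getUTCDate() === day;
  return same ? d : null;
}

// The select's visible text can be edited while its value stays unchanged,
// so check the value against the allow-list and the text against its label.
function validateSubmission({ date, selectValue, selectText }) {
  const errors = [];
  if (typeof date !== "string" || parseStrictDate(date) === null) {
    errors.push("date: expected a real calendar date as dd/mm/yyyy");
  }
  if (!ALLOWED_OPTIONS.has(selectValue)) {
    errors.push("select: value is not one of the allowed options");
  } else if (selectText !== undefined &&
             selectText !== ALLOWED_OPTIONS.get(selectValue)) {
    errors.push("select: displayed text does not match the selected option");
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample submissions: one clean, two with pasted content.
const samples = [
  { date: "14/03/2022", selectValue: "2", selectText: "Two" },
  { date: "hello 😀", selectValue: "2", selectText: "Two" },
  { date: "31/02/2022", selectValue: "2", selectText: "pasted text" },
];
for (const s of samples) {
  console.log(JSON.stringify(s), JSON.stringify(validateSubmission(s)));
}
```

The same two functions can run in a submit handler for user feedback and again on the server, which is the check that cannot be bypassed from the browser.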