It's possible for user to put some random values into r


Topic: It's possible for user to put some random values into restricted Date and Select

pavelpossiblep asked a year ago

Expected behavior

When "data-mdb-toggle="datepicker"" is set on date field and user clicks it the datepicker shows up. This is relatively convenient to use to restrict user from putting in wrong kinds of data (e.g. letters instead of digits etc.) It seems to be obvious that in this case most attempts to put wrong data in should be blocked.

Actual behavior

However, if you click and hold, you will bee able to type in the field freely. Also you can paste anything to this field from clipboard using the same exploit.

Similar problem appears for Selects. If you put "data-mdb-validation="true"" on your the caret appears when you click on it. This allows you to paste any data to the field without changing the selected option value which leads the user to submitting incorrect data.

Here's a snippet I made. It also has the description of problems https://mdbootstrap.com/snippets/standard/pavelpossiblep/3153162


UNNdev pro premium priority commented a year ago

You can not only paste in the Select, but using the context menu also insert emojis or delete text. :(


Grzegorz Bujański staff answered a year ago

Thanks for reporting this. We will fix it as soon as possible


Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.

Status

Answered

Specification of the issue
  • User: Free
  • Premium support: No
  • Technology: MDB Standard
  • MDB Version: MDB5 3.8.0
  • Device: any
  • Browser: any
  • OS: any
  • Provided sample code: No
  • Provided link: Yes