Topic: It's possible for user to put some random values into restricted Date and Select

pavelpossiblep free asked 3 years ago


Expected behavior

When data-mdb-toggle="datepicker" is set on a date field and the user clicks it, the datepicker shows up. This is relatively convenient to use to restrict the user from putting in wrong kinds of data (e.g. letters instead of digits etc.). It seems obvious that in this case most attempts to put wrong data in should be blocked.

Actual behavior

However, if you click and hold, you will be able to type in the field freely. Also, you can paste anything into this field from the clipboard using the same exploit.

A similar problem appears for Selects. If you put data-mdb-validation="true" on your select, the caret appears when you click on it. This allows you to paste any data into the field without changing the selected option value, which leads the user to submitting incorrect data.

Here's a snippet I made. It also has the description of problems: https://mdbootstrap.com/snippets/standard/pavelpossiblep/3153162


UNNdev priority commented 3 years ago

You can not only paste in the Select, but using the context menu also insert emojis or delete text. :(


Grzegorz Bujański staff answered 3 years ago


Thanks for reporting this. We will fix it as soon as possible
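
Until the widgets are fixed, the values can be checked at submit time instead of trusting the picker to restrict input. The following is an added example, not part of the original posts and not MDB code; it assumes the datepicker's dd/mm/yyyy output format, and the function names, the form field names (`date`, `choice`, `choiceText`) and the option list shape are hypothetical.

```javascript
// Added example, not MDB code. Assumption: dates arrive as dd/mm/yyyy.
const DATE_RE = /^(\d{2})\/(\d{2})\/(\d{4})$/;

// Returns a Date (UTC midnight) for a real calendar day, or null.
function parseStrictDate(text) {
  const m = DATE_RE.exec(String(text).trim());
  if (!m) return null; // letters, emojis, wrong separators, short fields
  const [day, month, year] = [Number(m[1]), Number(m[2]), Number(m[3])];
  const d = new Date(Date.UTC(year, month - 1, day));
  // Date.UTC rolls 31/02 over into March; reject anything that did not round-trip.
  const sameDay = d.getUTCFullYear() === year &&
    d.getUTCMonth() === month - 1 && d.getUTCDate() === day;
  return sameDay ? d : null;
}

// options: [{ value, label }] known to the application (hypothetical shape).
// shownText: what the select's visible text field contains at submit time.
function checkSelect(options, selectedValue, shownText) {
  const opt = options.find((o) => o.value === selectedValue);
  if (!opt) return { ok: false, reason: "value not in option list" };
  if (String(shownText).trim() !== opt.label) {
    // Text was typed or pasted over the label without changing the option.
    return { ok: false, reason: "displayed text does not match selected option" };
  }
  return { ok: true, reason: "" };
}

// Returns the names of the fields that failed validation.
function validateSubmission(form, options) {
  const errors = [];
  if (!parseStrictDate(form.date)) errors.push("date");
  if (!checkSelect(options, form.choice, form.choiceText).ok) errors.push("choice");
  return errors;
}

// Constructed sample option list for illustration.
const OPTIONS = [{ value: "1", label: "One" }, { value: "2", label: "Two" }];
```

The functions use no DOM APIs, so the same checks can run on the server against the submitted values, where client-side bypasses like the ones described above do not apply.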




Status

Answered

Specification of the issue

  • ForumUser: Free
  • Premium support: No
  • Technology: MDB Standard
  • MDB Version: MDB5 3.8.0
  • Device: any
  • Browser: any
  • OS: any
  • Provided sample code: No
  • Provided link: Yes