What do we need to build or fix?
I've noticed that our form validations are lacking some essential checks on user inputs, which leads to non-validated form data being submitted. We are also not sanitizing the inputs or encrypting them before submitting the data.
This might need some urgent attention, as it may cause potential security risks such as malware injections, data integrity loss, and some privacy concerns.
Technical details
The main goal is to make sure that we're able to validate, sanitize, and encrypt the data from user inputs.
- Implement unit tests for the form validations to make sure the functions we implement to validate user inputs satisfy the test cases.
- Implement complete and proper user input validations.
- Sanitize user inputs; make sure non-alphanumeric characters are removed or escaped.
- Encrypt email content to comply with privacy policies. (Maybe this is optional?)
Approach suggestions
- We could decide which libraries or frameworks to use for unit testing (e.g. Jest), or not implement unit testing but make sure no test cases are missed.
- List possible test cases for form user inputs (e.g. `123@123` should not be accepted in email inputs).
- Should we use libraries or frameworks for validation, sanitization, and encryption, or just vanilla JS? If so, what could you recommend and why (just to weigh possible options)?
Acceptance criteria
- This is a discussion to improve security and data handling of user inputs.
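As an added example (not code from this issue or the project), here is how the validation, sanitization and test-case items above could look in plain JavaScript, written as exported functions so Jest or any other runner can assert on their return values. The field names (`name`, `email`, `message`), the length limits and the email pattern are assumptions for illustration; the email table is constructed sample data.

```javascript
// Added example, not project code. Field names, limits and the email
// pattern below are assumptions chosen for illustration.

// Pragmatic email check: one local part, one "@", a dotted domain and a
// TLD of two or more letters. This rejects "123@123" (no dot in the
// domain) while accepting ordinary addresses. It is deliberately not a
// full RFC 5322 parser; deliverability is confirmed by sending a
// verification mail, not by a regex.
const EMAIL_RE =
  /^[^\s@]+@(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$/;

function isValidEmail(value) {
  return typeof value === 'string' && value.length <= 254 && EMAIL_RE.test(value);
}

// Escape rather than strip: deleting characters alters what the user wrote
// ("O'Brien", a "<" inside a message) and still leaves other output contexts
// unprotected. HTML-escaping keeps the text intact and makes it inert when
// it is later rendered into HTML.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Per-field rules: required flag, length ceiling, optional predicate.
// (Assumed fields and limits.)
const FIELD_RULES = {
  name:    { required: true, maxLength: 100 },
  email:   { required: true, maxLength: 254, check: isValidEmail,
             message: 'must be a valid email address' },
  message: { required: true, maxLength: 2000 },
};

// Validates a submission object. Returns { ok, errors, values }, where
// `values` holds trimmed, HTML-escaped copies of the accepted fields only.
// Fields not listed in FIELD_RULES are ignored, so extra parameters cannot
// smuggle data through the form handler.
function validateForm(input) {
  const errors = {};
  const values = {};
  const src = input && typeof input === 'object' ? input : {};
  for (const [field, rule] of Object.entries(FIELD_RULES)) {
    const raw = src[field];
    const text = typeof raw === 'string' ? raw.trim() : '';
    if (rule.required && text === '') {
      errors[field] = 'is required';
      continue;
    }
    if (text.length > rule.maxLength) {
      errors[field] = `must be at most ${rule.maxLength} characters`;
      continue;
    }
    if (rule.check && !rule.check(text)) {
      errors[field] = rule.message;
      continue;
    }
    values[field] = escapeHtml(text);
  }
  return { ok: Object.keys(errors).length === 0, errors, values };
}

// Constructed test table of the kind the issue asks for: [input, expected].
const EMAIL_CASES = [
  ['user@example.com', true],
  ['first.last+tag@sub.example.co.uk', true],
  ['123@123', false],
  ['user@example', false],
  ['user@@example.com', false],
  ['user example@example.com', false],
  ['@example.com', false],
  ['user@.com', false],
  ['', false],
];

// Runs the table and returns the inputs whose result did not match, so a
// test can simply assert the returned list is empty.
function runEmailCases(cases = EMAIL_CASES) {
  return cases
    .filter(([addr, expected]) => isValidEmail(addr) !== expected)
    .map(([addr]) => addr);
}
```

With Jest, the same checks become `expect(runEmailCases()).toEqual([])` and `expect(validateForm({...}).ok).toBe(false)`. Two caveats worth keeping in mind while discussing this: anything enforced in the browser has to be enforced again on the server, because a request can be sent without the form ever being rendered; and this example does not encrypt anything. Protection of the submission in transit normally comes from TLS, and field-level encryption in the browser, if the privacy policy requires it, would be built on the Web Crypto API (`crypto.subtle`) with a key the server can actually use, which is a separate design question from validation.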