As a logged-in user I can use any UTF8 character for resource name, descriptions, comments, etc.

security
meta
validation

#1

Q1. What is the problem that you are trying to solve?
Validation rules are too strict; sometimes it is not possible to enter the information we need. Some rules have been relaxed for specific but we still need an overhaul.

Q2 - Who is impacted?
Everybody

Q3 - Why is it important and/or urgent?
Ease of use.

Q4 - What is your proposed solution? (optional)
The following field validation should be applied:

  • User
    – username: email validation rules
    – firstname / lastname: any UTF8 char
  • Resources
    – name: any UTF8 chars including emoji
    – username: any UTF8 chars
    – url: any UTF8 char
    – description: UTF8 including emoji
  • Comments
    – text: UTF8 including emoji
  • Groups
    – name: any UTF8 char
  • Secrets
    – password: any UTF8 char

Special attention should be brought forward in the client for all these fields so as to avoid introducing new XSS.

ref. https://github.com/passbolt/passbolt_api/issues/103
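
The combination post #1 asks for (accept any UTF8 text, emoji included, and keep the client free of XSS) means safety moves from input validation to output encoding. The sketch below is an added example, not passbolt's code; the function names and length limits are assumptions, and only the field names come from the post.

```javascript
// Added example: field names follow the post; limits and function names are assumptions.
const MAX_CODE_POINTS = { name: 64, description: 10000, comment: 255 }; // constructed limits

// Accept any well-formed Unicode text (emoji included); reject only lone
// surrogates, empty values and over-long values. Length is in code points,
// so one emoji such as U+1F511 counts once, not twice.
function validateText(field, value) {
  if (typeof value !== 'string') return { ok: false, reason: 'not a string' };
  if (/[\uD800-\uDFFF]/u.test(value)) return { ok: false, reason: 'malformed unicode' };
  const normalized = value.normalize('NFC');
  const length = [...normalized].length;
  if (length === 0) return { ok: false, reason: 'empty' };
  if (length > MAX_CODE_POINTS[field]) return { ok: false, reason: 'too long' };
  return { ok: true, value: normalized };
}

// Output encoding for HTML text and quoted-attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The url field accepts any text, so link it only when it parses as http(s);
// otherwise show it as inert text.
function renderUrl(url) {
  let scheme = null;
  try { scheme = new URL(url).protocol; } catch (e) { /* not an absolute URL */ }
  const safe = escapeHtml(url);
  return scheme === 'http:' || scheme === 'https:'
    ? `<a href="${safe}" rel="noopener noreferrer">${safe}</a>`
    : `<span>${safe}</span>`;
}

function renderResource(resource) {
  return `<h3>${escapeHtml(resource.name)}</h3>${renderUrl(resource.url)}`;
}

// Constructed sample input.
const sample = { name: 'Prod DB 🔑 <script>alert(1)</script>', url: 'javascript:alert(1)' };
if (validateText('name', sample.name).ok) console.log(renderResource(sample));
```

The stored value stays exactly what the user typed (after NFC normalization); encoding happens only at render time, per output context.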


#2

@kevin and @cedric: what do you think? Any other fields missing?


#3

We need to use $ symbol in the username field.


#4

Yes @sid that will be supported


#5

This is now available with passbolt v2.0.0-RC1