Comments
-
Root 79653 1y
Entirely depends what it is.
An article? Absolutely.
A password? Retroactively fuck your mother with a rusty hanger.
-
this is your not-so-friendly reminder to just use parameterised queries and stop giving a fuck _what_ the user enters.
-
LLAMS 3661 1y
@Demolishun It is absolutely a veiled “didn’t sanitize inputs” problem.
They are not passwords or articles or any kind of freeform content, they are IDs which will later be queried against.
-
@LLAMS how do those ids end up having trailing or leading whitespace? Does someone enter them manually? If so, why?
This is your friendly reminder to trim whitespace from strings before saving them to a DB
rant
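
An added example, not part of the thread: trimming IDs at the write boundary, looking them up with parameterised queries, and a CHECK constraint as a backstop for writers that skip the trim. The `devices` table, the function names and the sample IDs are assumptions made up for illustration.

```python
import sqlite3


def normalize_id(raw: str) -> str:
    """Canonicalise an externally supplied ID before it is stored or queried."""
    cleaned = raw.strip()  # removes spaces, tabs and newlines at both ends
    if not cleaned:
        raise ValueError("empty ID")
    return cleaned


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Backstop: SQLite's one-argument trim() strips spaces only, so this
    # rejects space-padded IDs from any writer that bypasses normalize_id().
    db.execute(
        "CREATE TABLE devices ("
        " id TEXT PRIMARY KEY CHECK (id = trim(id) AND id <> ''),"
        " owner TEXT NOT NULL)"
    )
    return db


def save(db: sqlite3.Connection, raw_id: str, owner: str) -> None:
    db.execute("INSERT INTO devices (id, owner) VALUES (?, ?)",
               (normalize_id(raw_id), owner))


def find_owner(db: sqlite3.Connection, raw_id: str):
    row = db.execute("SELECT owner FROM devices WHERE id = ?",
                     (normalize_id(raw_id),)).fetchone()
    return row[0] if row else None


def demo():
    db = open_db()
    save(db, "  AB-1001 \n", "alice")           # constructed sample input
    found = find_owner(db, "AB-1001\t")         # padded differently, same ID
    # Bound as a parameter, this is just a string that matches no row.
    odd = find_owner(db, "AB-1001' OR '1'='1")
    try:
        db.execute("INSERT INTO devices (id, owner) VALUES (?, ?)",
                   ("AB-1002 ", "bob"))         # writer that forgot to trim
        rejected = False
    except sqlite3.IntegrityError:
        rejected = True
    return found, odd, rejected


if __name__ == "__main__":
    print(demo())
```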