chakilamsuryat opened a new issue, #31723:
URL: https://github.com/apache/superset/issues/31723

## Screenshot

<img width="1790" alt="Screenshot 2025-01-06 at 4 40 40 PM" src="https://github.com/user-attachments/assets/38e53069-3745-4006-8b8d-2742a7e7a5f4" />

## Description

There is no input validation present for Dashboard, Chart, Annotation Layers, row-level-security, and user info details.

## Design input

In the module-specific schemas.py files ({charts, dashboards, annotation_layers, row_level_security, etc.}), input validation can be added like:

`validate=[validate.And(Length(1, 250), validate.Regexp(regex='^[a-zA-Z0-9_]+$', error='Special Characters are not Allowed!'))]`

for the fields that need it, such as name and description, because if no validation is there then any attack is possible, e.g. they can put some scripts in name/description, which might cause a vulnerability. For user info, input validation for first_name and last_name can be added by creating a new view in our superset/security/manager.py and adding `userinfoeditview = NewUserInfoEditView` in SuperSetSecurityManager.
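
The validator proposed in the issue, written here as an added stand-alone example (not Superset's code, and not depending on marshmallow): it mirrors `And(Length(1, 250), Regexp('^[a-zA-Z0-9_]+$'))` in plain Python so its behaviour can be checked on constructed payloads, and it shows one detail to watch when the pattern is copied into schemas.py.

```python
import re

# Constraints mirrored from the validator proposed in the issue:
# Length(1, 250) and Regexp(regex='^[a-zA-Z0-9_]+$').
MAX_LEN = 250
PROPOSED_RE = re.compile(r"^[a-zA-Z0-9_]+$")
# Hardened variant: \Z instead of $. In Python's re the $ anchor also matches
# just before a trailing newline, so '^...$' accepts 'sales_q1\n'.
HARDENED_RE = re.compile(r"^[a-zA-Z0-9_]+\Z")


def validate_field(value, pattern=HARDENED_RE):
    """Return the validation messages for one field value (empty list = valid).

    Mirrors marshmallow's And(Length(1, 250), Regexp(...)): every failing
    check contributes its message, the way And collects them.
    """
    if not isinstance(value, str):
        return ["Not a valid string."]
    errors = []
    if not 1 <= len(value) <= MAX_LEN:
        errors.append(f"Length must be between 1 and {MAX_LEN}.")
    if pattern.match(value) is None:  # re.match, as marshmallow's Regexp uses
        errors.append("Special Characters are not Allowed!")
    return errors


def validate_payload(payload, fields=("name", "description"), pattern=HARDENED_RE):
    """Validate the named fields of a chart/dashboard/annotation-layer payload.

    Returns {field: [messages]} for the fields that fail, in the shape of
    marshmallow's ValidationError.messages; an empty dict means accepted.
    """
    result = {}
    for field in fields:
        if field in payload:
            errors = validate_field(payload[field], pattern)
            if errors:
                result[field] = errors
    return result


if __name__ == "__main__":
    # Constructed sample payloads, not taken from the issue.
    print(validate_payload({"name": "sales_q1", "description": "weekly_totals"}))
    print(validate_payload({"name": "<script>"}))          # rejected by the allowlist
    print(validate_payload({"name": "Sales Q1"}))          # also rejected: spaces are not allowed
    print(validate_field("sales_q1\n", PROPOSED_RE))       # [] : trailing newline slips past $
    print(validate_field("sales_q1\n"))                    # rejected by \Z
```

Note that the allowlist rejects ordinary names containing spaces or hyphens, so the field list it is applied to should be chosen with that in mind.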
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

