Additional validation and escaping for file names.

This adds additional front and backend validations for task order file names. We are now restricting file names to a whitelist regex of [A-Za-z0-9\-_ \.] for simplicity. Note: On the frontend, the filename string must have at least one character. This is not true in the backend validation; because of the way the entire task order form is validated, requiring input would break the business logic currently implemented.
2020-01-12 11:33:33 -05:00
parent 05bc8c3819
commit 5213657b0f
7 changed files with 35 additions and 5 deletions
--- a/templates/components/upload_input.html
+++ b/templates/components/upload_input.html
@@ -49,6 +49,9 @@
      <template v-if="sizeError">
        <span class="usa-input__message">{{ "forms.task_order.size_error" | translate }}</span>
      </template>
+      <template v-if="filenameError">
+        <span class="usa-input__message">{{ "forms.task_order.filename_error" | translate }}</span>
+      </template>
      {% for error, error_messages in field.errors.items() %}
        <span class="usa-input__message">{{error_messages[0]}}</span>
      {% endfor %}