by krapp 2123 days ago
It looks like you're using HTML form maxlength attributes to determine the maximum length for elements. I hope you're also validating that on the server somehow, because of course anyone can simply delete those before posting.

Remember, no one even has to go through your form to make a POST request to one of your endpoints (unless maybe you're using CSRF tokens, which you don't seem to be). Never assume that what you send to the user has any relationship to what they send back, and never validate on the front end.

1 comment

You're right, there's no validation on the server. Need to fix those.

As a quick fix to get the site up and running again, I just trimmed off any overly long title or cat beyond a certain limit of chars.