tangled.org
The description field had no length validation, so long descriptions would pass the form but fail at the DB INSERT (CHECK constraint) or lexicon layer (maxGraphemes: 140), after the PDS record and bare repo were already created. Add client-side maxlength and server-side rune count validation to reject early and avoid partial rollback state.
+6
-1
Diff
round #0
+2
-1
appview/pages/templates/repo/new.html
+2
-1
appview/pages/templates/repo/new.html
···
110
110
type="text"
111
111
id="description"
112
112
name="description"
113
+
maxlength="140"
113
114
class="w-full w-full dark:bg-gray-700 dark:text-white dark:border-gray-600 border border-gray-300 rounded px-3 py-2"
114
115
placeholder="A brief description of your project..."
115
116
/>
116
117
<p class="text-sm text-gray-500 dark:text-gray-400 mt-1">
117
-
Optional. A short description to help others understand what your project does.
118
+
Optional. A short description to help others understand what your project does (max 140 characters).
118
119
</p>
119
120
</div>
120
121
{{ end }}
+4
appview/state/state.go
+4
appview/state/state.go
···
469
469
l = l.With("defaultBranch", defaultBranch)
470
470
471
471
description := r.FormValue("description")
472
+
if len([]rune(description)) > 140 {
473
+
s.pages.Notice(w, "repo", "Description must be 140 characters or fewer.")
474
+
return
475
+
}
472
476
473
477
// ACL validation
474
478
ok, err := s.enforcer.E.Enforce(user.Active.Did, domain, domain, "repo:create")
History
1 round
1 comment
russ-fugal.smart-knowledge-systems.com
submitted
#0
1 commit
expand
collapse
appview: validate repo description length (max 140 chars)
The description field had no length validation, so long descriptions
would pass the form but fail at the DB INSERT (CHECK constraint) or
lexicon layer (maxGraphemes: 140), after the PDS record and bare repo
were already created. Add client-side maxlength and server-side rune
count validation to reject early and avoid partial rollback state.
expand 1 comment
pull request successfully merged
lgtm thanks!