Open
Description
Per this thread in DSVA Slack, we need to improve the text input validation to prevent users from entering characters that break the backend processing.
The validators made in #102649 and #34475 could be moved into the shared utilities directory and applied to all relevant text fields in FMP1, FMP2, OHI, and CHAMPVA Claims.
As a recap:
This set of "illegal characters" should be checked for and prevented if a user tries to enter them in normal text fields (e.g., not email fields or other special cases):
~!@#$%^&*+=[\]{}()<>;:"`\\/_|
Here is a log sample that demonstrates what happens when a user types an illegal character (such as ") in a vulnerable text-entry field. It should be noted that this issue is rarely seen.
Acceptance criteria
- All FMP1 text entry fields that do not already enforce a character validator are checked to verify that they do not permit characters that fall inside the regex shown above
- Repeated for FMP2
- Repeated for OHI
- Repeated for CHAMPVA Claims
- Any text fields found to permit the illegal characters specified above are updated to prevent the illegal characters from being accepted
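One way the shared check could look, as an added example rather than the validators from #102649 or #34475. It assumes the string above is the body of a regex character class (so `\]` means `]` and `\\` means `\`); `findIllegalChars`, `validateNoIllegalChars` and the `errors.addError` interface are hypothetical names.

```javascript
// Added example, not the project's own validator code.
// Assumption: the issue's string is the body of a regex character class,
// which gives these 27 literal characters ("\\" below is one backslash).
const ILLEGAL_CHARS = '~!@#$%^&*+=[]{}()<>;:"`\\/_|';

// Escape the characters that have meaning inside a class (\ ] [ ^ -) so the
// list can be edited later without silently changing what the regex matches.
const escapeForClass = chars => chars.replace(/[\\\]\[^-]/g, '\\$&');
const ILLEGAL_RE = new RegExp(`[${escapeForClass(ILLEGAL_CHARS)}]`, 'g');

// Return the distinct illegal characters in a value, in order of first
// appearance. Non-string values (e.g. an empty optional field) pass.
function findIllegalChars(value) {
  if (typeof value !== 'string') return [];
  return [...new Set(value.match(ILLEGAL_RE) || [])];
}

// Hypothetical field validator: `errors.addError` is an assumed interface
// for reporting a message against the field being checked.
function validateNoIllegalChars(errors, value) {
  const found = findIllegalChars(value);
  if (found.length > 0) {
    errors.addError(`Remove these characters: ${found.join(' ')}`);
  }
  return found.length === 0;
}

// Constructed sample inputs: names and addresses with hyphens, apostrophes,
// periods and commas stay valid; quotes, backslashes and pipes do not.
const samples = ["Jane O'Neil-Smith", 'Apt. 4, Bldg 2', 'John "JJ" Doe', 'a\\b|c'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(findIllegalChars(s)));
}
```

Client-side rejection only improves the user's experience; the backend that breaks on these characters still needs to apply the same check to whatever it receives.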