Sanitising form inputs
Hi all,
I have a request form with a text input box. On form submission, the workflow contains a SQL update node, which takes the value from the input and writes it as an attribute for the target user. Does anyone know of a way to sanitise this input? The specific problem relates to people using an apostrophe, but there are obviously a number of other characters that cause similar problems and cause the SQL update to either fail, or have undesirable effects.
Appreciate any thoughts on this.
Paul
- Tags:
- Access Request Manager
- ARM
- Community Thread
- Discussion
- Forum Thread
- Identity G&L
- Identity Governance & Lifecycle
- IG&L
- IGL
- RSA Identity
- RSA Identity G&L
- RSA Identity Governance & Lifecycle
- RSA Identity Governance and Lifecycle
- RSA IGL
Accepted Solutions
Thanks for the pointers and to Frank Schubert
Using a javascript block like the following will remove the apostrophe and I can extend to other characters as needed.
```javascript
document.getElementById('<yourtextfieldname>').onchange = function () { avform.setValue('<yourtextfieldname>', this.value.replace(/'/g, '')); };
```
There was a recent post from Frank that you can leverage. He converted a form input field to upper case in his example. You could easily modify it to replace certain characters.
Sorry, I don't have the link to the post right now. But it should be easy to find. Look at the last 2-3 days.
here it is: How To: Request Form, make textfield UPPERCASE
Actually, that trick can be employed to do all sorts of formatting and formatting checks. Put a regex call in there and you are good for many more use cases. This is a possible way to avoid having to run a form/field validation script/JSP. Even more complex calls are possible beyond the character limit of the text field that houses the JavaScript: simply load a JavaScript library using a (hidden) text field (your system security settings must allow that).
There is really no limit to what you can do, just keep in mind Jeff Goldblum from Jurassic Park I: "Yeah, yeah, but you programmers were so preoccupied with whether or not they could that they didn't stop to think if they should."
That's all well and good to remove such characters, but is there any appropriate way to retain the special character in the field values, e.g. the apostrophe in O'Brien ... but escape/handle it when doing SQL insert/update so that the input values are kept as entered?
The Oracle SQL syntax to insert a value with an apostrophe is to use a double apostrophe. Example:
```sql
insert into TABLE values ('O''Brien');
```
This would mean that single quotes would need to get replaced with two single quotes. That should do the trick.
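The two approaches the thread settles on, side by side, as an added example that is not code from the thread or from RSA IG&L: stripping every apostrophe (the accepted answer, which as posted only strips the first one because a string pattern matches once) and doubling each single quote so the value survives an Oracle string literal unchanged. The field name, the `form` object standing in for `avform`, and the injectable `doc` parameter are assumptions made so the hook can be exercised without a DOM.

```javascript
// Added example, not code from the thread or from RSA IG&L. It shows the two
// approaches discussed: stripping apostrophes (the accepted answer) and
// doubling them so the value survives an Oracle string literal unchanged.

// The accepted answer's call: a string pattern replaces only the FIRST match.
function stripFirstApostropheOnly(value) {
  return value.replace("'", '');
}

// Same idea with the /g flag, which removes every apostrophe.
function stripApostrophes(value) {
  return value.replace(/'/g, '');
}

// Oracle (and ANSI SQL) escapes a single quote inside a literal by doubling
// it, so O'Brien becomes O''Brien and is stored as entered.
function escapeForSqlLiteral(value) {
  return value.replace(/'/g, "''");
}

// The literal the SQL update node would embed, e.g. 'O''Brien'.
function toSqlLiteral(value) {
  return "'" + escapeForSqlLiteral(value) + "'";
}

// Parse a quoted literal back, treating '' as one quote. A lone quote left in
// the body is exactly what breaks the statement, so it is reported as an error.
function fromSqlLiteral(literal) {
  if (literal.length < 2 || !literal.startsWith("'") || !literal.endsWith("'")) {
    throw new Error('not a single-quoted literal');
  }
  const parts = literal.slice(1, -1).split("''");
  if (parts.some((p) => p.includes("'"))) {
    throw new Error('unescaped single quote in literal');
  }
  return parts.join("'");
}

// Wiring it into the request form the way the thread does. 'fieldId' is the
// text field's name and 'form' stands in for avform (assumed names); 'doc'
// defaults to the page's document but is injectable for testing without a DOM.
function installFormHook(fieldId, form, doc = document) {
  doc.getElementById(fieldId).onchange = function () {
    form.setValue(fieldId, escapeForSqlLiteral(this.value));
  };
}
```

Whichever approach is used, the round trip through `toSqlLiteral` and `fromSqlLiteral` is the check worth keeping: a value that parses back identically is one the SQL node will store as entered.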
How do you handle this if your element is a user type object and the name is something such as John O'Donnell or a URL link?
I recently worked on a case where the customer was getting an endless regex loop from their request form. It was causing the system to crash.
