Do I need to sanitize the user's display name for security reasons? (UpdateUserTitleDisplayName),Do I need to sanitize the user's display name for security reasons?

Question

question

jacobdhart asked Nov 14, '17

Do I need to sanitize the user's display name for security reasons? (UpdateUserTitleDisplayName),Do I need to sanitize the user's display name for security reasons?

Do I need to sanitize/escape the string I pass into UpdateUserTitleDisplayName, or does PlayFab already take care of this for me? Are there any display names that could cause database injection attacks or other security issues?

Player Data apis data

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2017-11-14T09:27:48Z

brendan answered Nov 14, '17

The Title Display Name is simply a string on our side - there's no opportunity for any kind of injection attack in our service, regardless of what's in it. If you're loading the Title Display Name into a website or other code, you should ensure that it's only ever used as a string.

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

question