jacobdhart asked

Do I need to sanitize the user's display name for security reasons? (UpdateUserTitleDisplayName)

Do I need to sanitize/escape the string I pass into UpdateUserTitleDisplayName, or does PlayFab already take care of this for me? Are there any display names that could cause database injection attacks or other security issues?


1 Answer

brendan answered

The Title Display Name is simply a string on our side - there's no opportunity for any kind of injection attack in our service, regardless of what's in it. If you're loading the Title Display Name into a website or other code, you should ensure that it's only ever used as a string.
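
The advice above about using the Title Display Name only as a string when it is loaded into a website, shown as an added example (not code from the original post or from PlayFab): the name is HTML-encoded before it is placed in element text and in a quoted attribute. `escapeHtml`, `renderLeaderboardRow` and the sample name are assumptions made for the illustration.

```javascript
// Added example: HTML-encode a Title Display Name before placing it in markup.
// escapeHtml and renderLeaderboardRow are hypothetical helpers, not PlayFab APIs.

const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change HTML parsing in element
// content or in a quoted attribute value. Non-string input is coerced
// to a string first, so the result is always plain text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Build one leaderboard row. The display name appears in two contexts,
// a double-quoted attribute and element text, and is encoded for both.
// The rank is forced to an integer so it cannot carry markup either.
function renderLeaderboardRow(rank, displayName) {
  const safeName = escapeHtml(displayName);
  const safeRank = Number.parseInt(rank, 10) || 0;
  return `<li class="row" title="${safeName}">#${safeRank} ${safeName}</li>`;
}

// Constructed sample: a display name containing markup and quote characters.
const sampleName = `<b>Admin</b> & "friends"`;
console.log(renderLeaderboardRow(1, sampleName));

// In a browser, assigning to textContent gives the same guarantee for
// element text without manual encoding:
//   cell.textContent = displayName;   // rather than cell.innerHTML = displayName
```

The same principle applies to any other sink the name reaches: pass it as a bound parameter to a database query and as a value to a JSON serializer, never by concatenating it into the query or document text.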
