Does anyone know if it’s possible to implement custom user input validation, specifically for new users, new admin badges and new user fields?
After a penetration test, we found we are vulnerable to HTML Injection and other malicious inputs in these areas and wondered if there is a way to further validate these inputs to improve security (possibly by using regex or another way to achieve the same result).
We are part of the community but not staff. You would need to get a response from them on this. However, given the attention paid to vulnerabilities and security by the team, plus the use of industry standard frameworks, I would reserve judgement until they’ve had time to respond.
This doesn’t sound like something you should need to mitigate, but at the same time, it may already be addressed in some way.