timestamps in transactions can blindly take invalid input
unleashed opened this issue · 0 comments
unleashed commented
The usage of Date._parse
when taking the input of the timestamp
field of transactions is insufficient to validate a date. In particular, it's been discovered that some strings with a specific number of digits are considered dates by the affected code.
Note that the documentation only talks about a specific format for dates in the timestamp
field, so for example we might want to consider changing this so proper validation happens as specified in the docs.