Create video platform development FAQ wiki page

Question

Create video platform development FAQ wiki page

Closed this issue 5 years ago · 3 comments

JasonPuglisi commented 6 years ago

Acceptance Criteria

The attached documentation questions are answered in a new wiki page titled Development FAQ: Video Platform
The new wiki page is added to the wiki index on the home page of the wiki

Questions

How do you prevent XSS is this step when displaying the username of the user who uploaded the video?
How do you ensure that users can’t delete videos that aren’t their own?

JasonPuglisi commented 5 years ago

Done

Answer 1 · 2019-03-26T20:58:57.000Z

Working Responses:

all our usernames are alpha numeric (we have username policies), there is also a set username length
we use python libraries to handle string manipulation
all flask variables are escaped out to HTML before being rendered to the page

Answer 2 · 2019-03-26T20:59:43.000Z

To prevent users from deleting videos that are not their own, the deletion route will ensure that the video ID matches the user ID that is making the request.