Create video platform development FAQ wiki page
Closed this issue · 3 comments
JasonPuglisi commented
Acceptance Criteria
- The attached documentation questions are answered in a new wiki page titled
Development FAQ: Video Platform
- The new wiki page is added to the wiki index on the home page of the wiki
Questions
- How do you prevent XSS is this step when displaying the username of the user who uploaded the video?
- How do you ensure that users can’t delete videos that aren’t their own?
tanner-g commented
Working Responses:
- all our usernames are alpha numeric (we have username policies), there is also a set username length
- we use python libraries to handle string manipulation
- all flask variables are escaped out to HTML before being rendered to the page
tanner-g commented
To prevent users from deleting videos that are not their own, the deletion route will ensure that the video ID matches the user ID that is making the request.
JasonPuglisi commented
Done