Please help us help you and fill where relevant: Your LimeSurvey version: 5.4.11+221114 Own server YES Survey theme/template: Fruity
==================
How is user-supplied data validated, filtered, or sanitized by the application?
LimeSurvey is an open-source survey software that allows users to create and conduct online surveys. When users submit data through LimeSurvey, the application follows certain steps to validate, filter, and sanitize the data. Here are some ways LimeSurvey validates and filters user-supplied data:
Data Type Validation: LimeSurvey validates data by ensuring that the data submitted is of the correct data type. For example, if a user is asked to submit a numerical value, LimeSurvey will ensure that the value submitted is a number and not a string.
Range Validation: LimeSurvey can validate data by checking whether the submitted data falls within a specified range. For example, if a user is asked to enter their age, LimeSurvey can validate that the age falls within a specific range, such as 18 to 99 years old.
Required Field Validation: LimeSurvey can also validate data by ensuring that all required fields are filled out before submitting a form. This helps to ensure that important data is not missing.
Please help us help you and fill where relevant: Your LimeSurvey version: 5.4.11+221114 Own server YES Survey theme/template: Fruity
==================
How is user-supplied data validated, filtered, or sanitized by the application?
You mean data sent by participant ?
If you set validation option : it was validated.
Else !: we don't sanitize or anything else the data. We encode it to enter in database, end show it encoded in admin view.
participant can enter <script>alert('XSS');</script> : we ave this and show this (encoded)
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member,
professional service on demand
,
plugin development
. I don't answer to private message.
