Your site went down for maintenance in the middle of my exploring, but here's some feedback so far.
1) The exports (CSV, PDF, etc.) should probably include my username and Banano address. Right now there doesn't appear to be any indication of who a downloaded report is tied to.
2) Why do you let me download the database, including column names? If I was an attacker, I could use this to understand your DB layout and possibly do a SQL injection attack. I'd recommend masking the names somehow.
3) I did a quick review of the GitHub:
a) jQuery 3.6.0 has a more recent version, 3.6.1 - https://blog.jquery.com/2022/08/26/jquery-3-6-1-maintenance-release/
b) In /history, you use JSZip 3.1.3, which has a known denial-of-service vulnerability that could take your site offline. This should be upgraded to 3.10.1 - https://stuk.github.io/jszip/
2) Had not even realized this, I need to disable HTTP and reroute port 80 to 443.
3) The verify button calls some code originally written by bbedward that validates a string as a ban_ address. To me, it seems more complicated than a simple regex, which is why I made it a server-side calculation. https://github.com/Kirby1997/Banano/blob/master/validations.py
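What the server-side check buys over a plain regex, as an added example that is not the project's validations.py or bbedward's code: it decodes the address and verifies the embedded checksum, which a pattern match cannot do. It assumes the Nano-style address format (ban_ prefix, 52 base32 characters holding 4 pad bits plus the 256-bit public key, then 8 characters encoding a byte-reversed 5-byte blake2b checksum of the key); those format details are an assumption, not taken from the page.

```python
import hashlib
import re

# Nano-style base32 alphabet (no 0, 2, l, v), 5 bits per character.
# Format details below are an assumption, not from the page or the project.
ALPHABET = "13456789abcdefghijkmnopqrstuwxyz"
PREFIX = "ban_"
# Shape-only check: a regex like this accepts any 60 chars from the alphabet
# whose first char is 1 or 3, including addresses with a bad checksum.
ADDRESS_RE = re.compile(r"^ban_[13][13456789abcdefghijkmnopqrstuwxyz]{59}$")


def _b32_encode(data: bytes, pad_bits: int) -> str:
    # Encode `data` as 5-bit groups, with `pad_bits` zero bits prepended.
    bits = pad_bits + len(data) * 8
    value = int.from_bytes(data, "big")
    return "".join(ALPHABET[(value >> shift) & 31] for shift in range(bits - 5, -1, -5))


def _b32_decode(text: str) -> int:
    value = 0
    for ch in text:
        value = (value << 5) | ALPHABET.index(ch)
    return value


def _checksum(public_key: bytes) -> bytes:
    # 5-byte blake2b of the key; the address stores it byte-reversed.
    return hashlib.blake2b(public_key, digest_size=5).digest()[::-1]


def encode_public_key(public_key: bytes) -> str:
    if len(public_key) != 32:
        raise ValueError("public key must be 32 bytes")
    return PREFIX + _b32_encode(public_key, 4) + _b32_encode(_checksum(public_key), 0)


def is_valid_banano_address(address: str) -> bool:
    if not ADDRESS_RE.match(address):
        return False
    body = address[len(PREFIX):]
    key_bits = _b32_decode(body[:52])      # 260 bits: 4 pad bits + 256-bit key
    if key_bits >> 256:                    # pad bits must be zero
        return False
    public_key = key_bits.to_bytes(32, "big")
    checksum = _b32_decode(body[52:]).to_bytes(5, "big")
    return checksum == _checksum(public_key)
```

A string that passes ADDRESS_RE but fails is_valid_banano_address is a typo or a fabricated address, which is exactly the case the regex alone lets through.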