In my development I have a tag system that closely matches the one SO has. And it also allows non-Latin characters.
- The user can enter a new tag, and it is saved to the DB.
- Existing tags are shown to the user when they type a tag prefix. The Fetch API is used for this.
I'm using Razor pages. At what point and how should I sanitize/encode strings in this flow?
Here is an example of my fetch request:
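```javascript
// Runs inside an async function (required for await).
try {
    // URLSearchParams percent-encodes the prefix for the query string.
    const response = await fetch("api/tags?" + new URLSearchParams({ prefix: curPrefix, count: 12 }));
    if (!response.ok) throw new Error("Network response was not OK");
    const jsonData = await response.json();
    // Ignore stale responses: only use results for the prefix currently typed.
    if (jsonData.prefix === getPrefix()) {
        // Drop suggestions the user has already selected.
        const newTags = jsonData.tags.filter(tag => !selectedTags.some(x => x.name === tag.name));
        setSuggestedTags(newTags);
    }
} catch (error) {
    console.error("There has been a problem with your fetch operation:", error);
}
```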
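
The two points in this flow where string handling matters, shown as an added example that is not part of the original post: a Unicode-aware allowlist applied when a tag is entered, and HTML encoding applied when suggestions are rendered. The function names, the 35-character limit, the allowed separator characters and the sample tags are assumptions made for illustration.

```javascript
// Added example: names, limits and sample data are assumptions, not from the post.
const MAX_TAG_LENGTH = 35; // assumed limit

// Allowlist: Unicode letters, combining marks and digits, plus a few separators.
// \p{L} keeps non-Latin tags valid while markup characters (< > " ' &) never match.
const TAG_PATTERN = /^[\p{L}\p{M}\p{N}][\p{L}\p{M}\p{N}.+#-]*$/u;

// Input side: normalize, then validate. Returns the canonical tag or null.
// The same rule has to be enforced on the server before the tag is stored,
// because a client-side check can be bypassed.
function normalizeTag(raw) {
  if (typeof raw !== "string") return null;
  const tag = raw.normalize("NFC").trim().toLowerCase();
  if (tag.length === 0 || tag.length > MAX_TAG_LENGTH) return null;
  return TAG_PATTERN.test(tag) ? tag : null;
}

// Output side: encode for the HTML context at render time, whatever
// validation was applied when the value was stored.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Builds markup for the suggestion list from the API's JSON response.
// Each name is encoded in both the attribute and the element body.
function renderSuggestions(tags) {
  return tags
    .map((tag) => `<li data-tag="${escapeHtml(tag.name)}">${escapeHtml(tag.name)}</li>`)
    .join("");
}

// Constructed sample data: two ordinary tags and one containing markup.
const sampleTags = [{ name: "c#" }, { name: "питон" }, { name: "<b>x</b>" }];
console.log(renderSuggestions(sampleTags));
console.log(["C#", " 日本語 ", "<b>x</b>", ""].map(normalizeTag));
```

When suggestions are inserted through DOM APIs rather than an HTML string, assigning the name to `textContent` gives the same protection without a manual escape function.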