User Input Verification

  • Last update: October 21, 2025

    • Overview

    Version

    FineDataLink VersionFunctional Change
    4.0.23/

    Application Scenario

    The server accepts user input and incorporates it directly into the logic of the web application.

    If the input contains malicious code, the server will accept and execute it, leading to issues such as information leakage and arbitrary code execution.

    Function Description

    The User Input Verification function is enabled by default, which verifies the user input in specific scenarios within FineDataLink, effectively filtering malicious code and ensuring system security.

    If the user input contains illegal content, clicking OK or Save will prevent the entered content from being saved and trigger a pop-up message, as shown in the following figure.

    Function Description

    Enabling/Disabling User Input Verification

    You (the super admin) can enable/disable User Input Verification by modifying the following configuration item in the fine_conf_entity table.

    iconNote:
    The User Input Verification configuration item does not exist in the fine_conf_entity table. You need to manually add the field and restart FineDataLink to apply the change. For the addition method, see Modifying fine_conf_entity Manually.
    Configuration ItemConfiguration ValueDefinition
    WebSecurityConfig.enableParameterVerifytrueEnable User Input Verification (default value).
    falseDisable User Input Verification.

    Verification Content

    After the User Input Verification function is enabled, it will verify the input content in specific input scenarios in FineDataLink. For details, see the "Verification Scenario" section.

    If the input contains the following regular expressions, clicking OK or Save will prevent the entered content from being saved and trigger a pop-up message: "Illegal characters exist in the input: XXX."

    iconNote:
    When there are multiple illegal characters in the input, only the first illegal character detected will be displayed.
    Verification TypeRegular Expression
    Illegal character"
    <
    >
    &
    Illegal keyword/script
    javascript:
    onblur
    getRuntime
    ProcessBuilder
    java.lang.ProcessImpl

    Verification Scenario

    ModuleVerification ScenarioVerification Content
    User Management
    		User adding/editing

    Username

    iconNote:
    User Input Verification is unavailable during importing users or synchronizing users.
    Department adding/editingDepartment name
    Role editing/editingRole name and remark
    Appearance ConfigurationLogin pageLogin title
    Platform stylePlatform title
    System ManagementGeneral > General ParameterServlet path name
    Mailbox > Sender Account SettingDisplayed sender name
    Data ConnectionData connection creation in Data Connection ManagementData connection name
    Data connection renaming in Data Connection Management Data connection name
    Dataset creation in Server Dataset  Server dataset name
    Dataset renaming in Server DatasetServer dataset name





    附件列表


    主题: System Management
    Previous
    Next
    • Helpful
    • Not helpful
    • Only read
    中文(简体)
    English

    滑鼠選中內容,快速回饋問題

    滑鼠選中存在疑惑的內容,即可快速回饋問題,我們將會跟進處理。

    不再提示

    10s後關閉

    Get
    Help
    Online Support
    Professional technical support is provided to quickly help you solve problems.
    Online support is available from 9:00-12:00 and 13:30-17:30 on weekdays.
    Page Feedback
    You can provide suggestions and feedback for the current web page.
    Pre-Sales Consultation
    How to Get Quotes:
    FineReport FineBI
    Demonstration Booking:
    FineReport FineBI
    Business Consultation
    Business: international@fanruan.com
    Support: support@fanruan.com
    Page Feedback
    *Problem Type
    Cannot be empty
    Problem Description
    0/1000
    Cannot be empty

    Submitted successfully

    Network busy