Input Sanitization/Validation for a Contact Form (Best Practices in Strapi)

Hi everybody,

I’m new to this forum, so please don’t mind me not knowing any customs here :slight_smile:

I’m currently building a contact form in an astro/react frontend. When the user submits, a POST request is made to my strapi backend. A lifecycle hook then sends an email to my private mail address.

This all works fine. However, now that I got it to work, I’m starting to wonder how to secure this setup. I would like to make sure no malicious code gets run on the backend, so backend-side sanitization is a must for me. Additionally, I would like to protect against a centralised spam attack, probably with a sleep(300) or whatever is the thing you do in Javascript land :slight_smile:

My questions:

  • Are there best practices for how to secure user input in strapi?
  • What does strapi already do and what MUST I do additionally?
  • Any docs/tutorials/anything out there you could recommend for reading into security and input fields built with strapi?

For some Input I would be more than thankful!

Cheers from Germany,
Max

@DMehaffy will probably have far more context he can add here but Strapi comes with some sanitization methods.

See Controllers | Strapi Documentation
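A sketch of the backend side, added here as an example and not code from Strapi or from either poster: Strapi's controller sanitizers (sanitizeInput and friends) strip fields the caller is not permitted to write, so validating the content of the fields you do accept and throttling repeat submissions is still your job. The field set (name, email, message), the per-IP limiter and the `create` callback standing in for the entity service call are assumptions.

```javascript
// Added example, not Strapi's code. Assumes a Strapi v4 content type with
// name/email/message fields and a custom controller that calls
// handleContactSubmission(); every name below is constructed for illustration.
const ALLOWED = { name: 100, email: 254, message: 2000 }; // field -> max length
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Validate the (already permission-sanitized) body: allow-list the fields,
// cap lengths, reject NUL everywhere and CR/LF in the short fields, because
// those end up in the headers of the email the lifecycle hook sends.
function validateContact(data) {
  if (!data || typeof data !== 'object') return { ok: false, errors: ['body must be an object'] };
  const errors = [];
  const clean = {};
  for (const key of Object.keys(data)) {
    if (!(key in ALLOWED)) errors.push(`unexpected field: ${key}`);
  }
  for (const [field, max] of Object.entries(ALLOWED)) {
    const value = data[field];
    if (typeof value !== 'string' || value.trim() === '') { errors.push(`${field} is required`); continue; }
    if (value.length > max) { errors.push(`${field} exceeds ${max} characters`); continue; }
    if (/\0/.test(value)) { errors.push(`${field} contains a NUL byte`); continue; }
    if (field !== 'message' && /[\r\n]/.test(value)) { errors.push(`${field} contains line breaks`); continue; }
    clean[field] = value.trim();
  }
  if (clean.email && !EMAIL_RE.test(clean.email)) errors.push('email is not valid');
  return errors.length ? { ok: false, errors } : { ok: true, data: clean };
}

// Sliding-window limiter: at most `limit` submissions per `windowMs` per key
// (the client IP here). In-memory, so it is per process; fine for one node.
class RateLimiter {
  constructor(limit, windowMs) { this.limit = limit; this.windowMs = windowMs; this.hits = new Map(); }
  allow(key, now = Date.now()) {
    const recent = (this.hits.get(key) || []).filter((t) => now - t < this.windowMs);
    if (recent.length < this.limit) recent.push(now);
    this.hits.set(key, recent);
    return recent.length <= this.limit && recent[recent.length - 1] === now;
  }
}

// Controller-side handler. `ctx` is the Koa context Strapi hands a controller;
// `create` stands in (assumption) for the entity service call that persists the
// entry and thereby triggers the email lifecycle hook.
async function handleContactSubmission(ctx, limiter, create) {
  if (!limiter.allow(ctx.request.ip)) { ctx.status = 429; return { error: 'Too many requests' }; }
  const result = validateContact(ctx.request.body && ctx.request.body.data);
  if (!result.ok) { ctx.status = 400; return { error: 'Invalid input', details: result.errors }; }
  ctx.status = 201;
  return { data: await create(result.data) };
}

module.exports = { validateContact, RateLimiter, handleContactSubmission };
```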