Hi Lena. Thanks for the response. We upload files having filenames. You use the filenames to as the default design titles. Except for having removed the punctuation.
I’m a computer programmer with expertise in computer security. It is not necessary for you strip the punctuation at any point for reasons of security.
The only thing you need to do is escape characters that might be used for injection attacks. If you store the filenames in a DB, you’re escaping SQL special characters. But we do this with all text sent to the server, not just filenames. We can type text with punctuation into any HTML form and have the server reliably store the text with punctuation. You surely do this with the titles that we type in after upload. Filenames are not special.
I’m doubtful your programmers thought they needed to do this for security. I’m guessing it’s something more like that they stripped the characters for purposes of generating a new filename for server-side storage and then used that stripped value as both the filename and the design title in the database. It might be a simple programming bug of using the wrong variable.
I’d like to make this a feature request. I upload multiple designs at once, all variations of each other. The titles are the same except for the addition of a color or the words “no text” at the end. As things stand, after upload I have to go through each design adding punctuation back in.