From ebbffca21dff9a29ccacccc2781686adcc4ebcc1 Mon Sep 17 00:00:00 2001
From: Eduardo Silva
Date: Mon, 16 Mar 2026 20:23:05 -0300
Subject: [PATCH] validate path prefix in form cleaning process to ensure proper formatting and prevent invalid characters
---
 app_gateway/forms.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/app_gateway/forms.py b/app_gateway/forms.py
index 06fec33..ead1e73 100644
--- a/app_gateway/forms.py
+++ b/app_gateway/forms.py
@@ -277,3 +277,17 @@ class ApplicationRouteForm(forms.ModelForm):
 css_class='row'
 )
 )
+
+ def clean(self):
+ cleaned_data = super().clean()
+ path_prefix = (cleaned_data.get('path_prefix') or '').strip()
+ if path_prefix:
+ if not path_prefix.startswith('/'):
+ self.add_error('path_prefix', _('Path prefix must start with /.'))
+ elif ' ' in path_prefix:
+ self.add_error('path_prefix', _('Path prefix cannot contain spaces.'))
+ elif any(c in path_prefix for c in ('{', '}', '\n', '\r')):
+ self.add_error('path_prefix', _('Path prefix contains invalid characters.'))
+ else:
+ cleaned_data['path_prefix'] = path_prefix
+ return cleaned_data
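Review bot: The character checks in the new `clean()` are a denylist, so anything not named still validates: tabs and other control characters, `;`, `#`, quotes, `?`, `%` and `..` segments all get past the `' ' in path_prefix` and `('{', '}', '\n', '\r')` branches. Where `path_prefix` is consumed is outside this hunk, but rejecting braces and newlines suggests it is later placed into a routing rule or generated configuration, where those other characters may matter as well. An allowlist is easier to reason about and to test: replace the two `elif` branches with `elif not re.fullmatch(r'/[A-Za-z0-9._~/-]*', path_prefix) or '..' in path_prefix.split('/'):` followed by the existing "invalid characters" `add_error` call, adjusting the character class to what the gateway actually supports (this needs `import re` in the file's import block, which is not visible here). Since the rule concerns a single field, it would also read more naturally as `clean_path_prefix()` returning the stripped value, which removes the need to write back into `cleaned_data` only on the success branch.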