Hello,
On our Losant Experience dashboards, we have a few areas where users can enter freeform text. The example I give below is for a user entering text that will be attached to a Losant event as comments/updates.
My question is, do we need to worry about sanitizing the text to remove things like HTML code, SQL injection code, from any potential user input? The likelyhood is very low, but some of our more senior devs have recommended that we ask whether Losant is expecting the Front End, or app.losant end to sanitize the text before it is eventually handled by Losant itself (via workflow that then adds the update to the event)?