From f78f1110a2c2d06d8ecc05999a8cd3fccd06670b Mon Sep 17 00:00:00 2001
From: Kit Foster <katya.a.foster@gmail.com>
Date: Fri, 10 Jan 2025 14:07:57 +0100
Subject: [PATCH] Limit allowed characters in User.name (#88)

* Limit Name allowed characters

* bump version
---
 package.json  |  2 +-
 test/user.js  | 34 ++++++++++++++++++++++++++++++++++
 user/index.js |  3 ++-
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 44b5b49..d9e8c11 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@zeit/schemas",
-  "version": "2.37.0",
+  "version": "2.38.0",
   "description": "All schemas used for validation that are shared between our projects",
   "scripts": {
     "test": "yarn run lint && best --verbose",
diff --git a/test/user.js b/test/user.js
index fe4d8fc..0bdfed7 100644
--- a/test/user.js
+++ b/test/user.js
@@ -100,6 +100,40 @@ exports.test_name_too_long = () => {
 	);
 };
 
+exports.test_name_32_chars = () => {
+	const isValid = ajv.validate(User, {
+		name: 'a'.repeat(32)
+	});
+	assert.equal(isValid, true);
+};
+
+exports.test_name_valid_special_chars = () => {
+	assert(ajv.validate(User, { name: "John O'Neil" }));
+	assert(ajv.validate(User, { name: 'Anne-Marie Johnson' }));
+	assert(ajv.validate(User, { name: 'Dr. J.R. Smith' }));
+	assert(ajv.validate(User, { name: 'Renée' }));
+	assert(ajv.validate(User, { name: 'John_Doe' }));
+	assert(ajv.validate(User, { name: 'John@Vercel' }));
+	assert(ajv.validate(User, { name: 'John (Jack)' }));
+	assert(ajv.validate(User, { name: 'Martin, Jr.' }));
+	assert(ajv.validate(User, { name: 'Åsa' }));
+	assert(ajv.validate(User, { name: 'Łukasz' }));
+	assert(ajv.validate(User, { name: 'Ōsaka' }));
+	assert(ajv.validate(User, { name: '王小明' }));
+	assert(ajv.validate(User, { name: '山田太郎' }));
+	assert(ajv.validate(User, { name: 'محمد' }));
+	assert(ajv.validate(User, { name: 'Dr. 李四@Work' }));
+	assert(ajv.validate(User, { name: 'Γιάννης' }));
+	assert(ajv.validate(User, { name: 'Сергей' }));
+	assert(ajv.validate(User, { name: '123' }));
+	assert(ajv.validate(User, { name: 'Müller' }));
+};
+
+exports.test_name_invalid_special_chars = () => {
+	assert.equal(ajv.validate(User, { name: '<html>test</html>' }), false);
+	assert.equal(ajv.validate(User, { name: '![a.png](https://example.com/a.png)' }), false);
+};
+
 exports.test_name_valid = () => {
 	assert(ajv.validate(User, { name: 'Nate' }));
 };
diff --git a/user/index.js b/user/index.js
index 50b995d..f28de95 100644
--- a/user/index.js
+++ b/user/index.js
@@ -8,7 +8,8 @@ const Username = {
 const Name = {
 	type: 'string',
 	minLength: 1,
-	maxLength: 32
+	maxLength: 32,
+	pattern: '^[^\\[\\]<>#$!*;]*$'
 };
 
 const Email = {