Input validation
Description
It's possible to send any json value to save endpoint for example from command line and it gets interpreted by request.get_json(). This also breaks the frontend as it doesn't know how to handle incorrect data
- missing attributes like email
- not object ["a","b","c"]
- very large values
- malformed values {location: "fdfafadf"}
Suggested solution
- accept request as formdata and use for example https://wtforms.readthedocs.io/en/2.3.x/ for form validation
Sending post request to save/
Edited by juanrein