From e84a3313c79f116e84542b84b4f49915dd6355f9 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
<161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 02:00:58 +0000
Subject: [PATCH] feat(security): enforce input length limits in contact form
- Added `EMAIL_MAX_LENGTH` constant (254).
- Added `maxLength` attributes to Name, Email, Subject, and Message inputs.
- Updated `validateForm` to check email length.
- Mitigates client-side DoS and improves UX.
Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com>
---
src/pages/Contact.tsx | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/pages/Contact.tsx b/src/pages/Contact.tsx
index 708d7c8..1e85df1 100644
--- a/src/pages/Contact.tsx
+++ b/src/pages/Contact.tsx
@@ -9,6 +9,7 @@ import { sanitizeInput, isValidEmail } from "../utils/security";
import styles from "./Contact.module.css";
const NAME_MAX_LENGTH = 100;
+const EMAIL_MAX_LENGTH = 254;
const SUBJECT_MAX_LENGTH = 200;
const MESSAGE_MAX_LENGTH = 5000;
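Review bot: `EMAIL_MAX_LENGTH` is added without a comment saying where 254 comes from or which other limit it has to agree with. The value matches the commonly cited maximum address length derived from the SMTP path limit in RFC 5321, and a later maintainer could otherwise treat it as arbitrary. I would add above the constant `// 254 = longest address that fits an SMTP path (RFC 5321); keep in sync with the limit enforced by the form's backend`.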
@@ -53,6 +54,8 @@ export function Contact() {
if (!formData.email.trim()) {
newErrors.email = "Required";
+ } else if (formData.email.length > EMAIL_MAX_LENGTH) {
+ newErrors.email = `Max ${EMAIL_MAX_LENGTH} characters`;
} else if (!isValidEmail(formData.email)) {
newErrors.email = "Invalid email";
}
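Review bot: The new length branch measures the raw `formData.email`, while the emptiness check just above it measures `formData.email.trim()`. An address padded with whitespace can therefore be rejected for length, or counted differently from what is eventually submitted. If the value is trimmed before sending (not visible in this hunk), compare the trimmed value: `} else if (formData.email.trim().length > EMAIL_MAX_LENGTH) {`. Placing the length test ahead of `isValidEmail` is the right order, since it keeps oversized strings away from the validator, and a short comment saying so would stop a later reorder. `validateForm` starts and ends outside this hunk.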
@@ -165,6 +168,7 @@ export function Contact() {
value={formData.name}
onChange={(e) => handleChange("name", e.target.value)}
error={errors.name}
+ maxLength={NAME_MAX_LENGTH}
/>
handleChange("email", e.target.value)}
error={errors.email}
+ maxLength={EMAIL_MAX_LENGTH}
/>
handleChange("subject", e.target.value)}
error={errors.subject}
+ maxLength={SUBJECT_MAX_LENGTH}
/>
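Review bot: The `maxLength` props added here, like the `validateForm` check, run only in the browser, so they bound what the UI will accept and not what the receiving endpoint is sent. The commit description presents the change as a security control, but nothing in the visible lines shows the same caps being enforced where the form data is received, and that is where the limit has to hold. I would add a comment next to the constants such as `// UI guard only: the handler that receives this form must enforce the same limits`. The description also lists the Message input, and the diffstat counts 7 insertions, but only six added lines are visible here (Name, Email and Subject among them), so it is worth confirming that `maxLength={MESSAGE_MAX_LENGTH}` actually landed.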