[Travel Feed] Title validation allows invalid permlink to be added to broadcast

in utopian-io •  3 years ago 

Project Information

Repository: https://github.com/travelfeed-io/travelfeed-io/
Project Name: Travel Feed

Describe the bug

If you attempt to create a post with a title using only characters such as "-----" this will cause an error during a broadcast, this is because of the stripping of these "---" prior to posting within the permlink.

Note: This will also occur with combinations of ! #, I'm sure there are also other characters that would provide this behavior.

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://travelfeed.io/ and sign in.
  2. Go to the create post within travel feed
  3. Enter a title that such as "-------"
  4. Enter any post body that meets the validation of 250 words.
  5. Publish the post
  6. Note that the post cannot be created.

Expected behavior
When a user creates an uses a title such as "-----" they should not be able to submit the post until it would create a valid permlink, alternatively the post should be able to be submitted and a permalink is generated by Travel Feed.

Error Details

Upon submission the following error code is provided:

error: "server_error"
error_description: "permlink.size() > STEEM_MIN_PERMLINK_LENGTH && permlink.size() < STEEM_MAX_PERMLINK_LENGTH: Permlink is not a valid size."

Request Payload
The following shows the request payload, you can see that the permlink sent in the request is an empty string.

            "body":"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam sed arcu interdum, luctus augue eget, rhoncus turpis. Etiam id erat non metus mattis pellentesque nec non ante. ",


The following is able to be passed into the permlink of Steem:

  1. A - Z or 0 - 9 Characters
  2. A hyphen (-)
  3. Min Length of 1
  4. Max Length of 255

If the chosen method is to use the title, the validation should be adjusted to use these characters or optimally, upon post the title should allow any characters as mentioned, thus giving a user full control and the characters that don't meet the above should be substituted. In the event a user only passes illegal characters for the permlink, a permlink should be generated by checking the length prior to broadcast.


  • Browser: Google Chrome (Version 75.0.3770.100 (Official Build) (64-bit))
  • Device: MacBook Pro (Retina, 15-inch, Late 2013)
  • Operating system: MacOS Mojave Version 10.14.4

GitHub Account
A link to my GitHub account can be found here:


A link to the issue reported on GitHub can be found here:


Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi @tobias-g, thanks for making this contribution

It is very well detailed. I like that you included an analysis. It helped bring to light what exactly went wrong. Your answers to the PO's questions were solid as well. This sets an example that other hunters can and should follow.

If I understood very well, sanitizing the title input (in the case of "____") for illegal characters returned an empty string. So you are suggesting that instead of removing the characters, they should be replaced by something else. Or this should apply only when all the characters provided are illegal?

Great report. I look forward to your next contribution :)

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.

Need help? Chat with us on Discord.


Thank you for your review, @fego! Keep up the good work!