About: ExpressRAIL Assistant was deployed to retail floors and
resellers' websites, where it helped customers order one of
the company's railing systems. After generating a list of
needed parts, the app could email the list and the customer's
drawing to the customer. This feature raised significant
security concerns, since it rendered user-generated HTML,
converted it to a PDF, and emailed it to a user-supplied
address. To secure the feature, the backend service was
restricted to communicate only with the app's frontend
service, a keyword filter was put in place to keep the app
from parsing unexpected HTML, and rate limiting was added to
prevent the backend service from being abused as a spam
gateway.
Technologies: JavaScript, CSS, PHP, EC2, wkhtmltopdf, Git
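The keyword filter and rate limiting described above could be combined into a single gate that runs before any HTML reaches the PDF renderer. This is an added sketch, not the project's code; the function names, the blocked-keyword list, the limits, and the assumption that the parts list and drawing are plain tables and inline SVG are all hypothetical.

```javascript
// Added example: denylist and limits below are assumptions, not the app's real values.
const MAX_HTML_CHARS = 200000;
const WINDOW_MS = 60 * 60 * 1000; // one-hour window
const MAX_SENDS = 3;              // sends allowed per key per window

// Constructs that make an HTML-to-PDF renderer run code or fetch resources.
// Assumes the parts list and drawing are plain tables and inline SVG.
const BLOCKED = [
  { name: "tag", pattern: /<\s*(script|iframe|frame|object|embed|link|meta|base|form)\b/i },
  { name: "event-handler", pattern: /\bon[a-z]+\s*=/i },
  { name: "external-ref", pattern: /\b(src|href)\s*=/i },
  { name: "css-load", pattern: /@import|url\s*\(/i },
  { name: "scheme", pattern: /\b(file|javascript|data):/i },
];

const sends = new Map(); // key -> timestamps of accepted sends

// Sliding-window limiter: true if `key` may send again at time `now`.
function allowSend(key, now = Date.now()) {
  const recent = (sends.get(key) || []).filter((t) => now - t < WINDOW_MS);
  const allowed = recent.length < MAX_SENDS;
  if (allowed) recent.push(now);
  sends.set(key, recent);
  return allowed;
}

// Gate a render-and-email request before any HTML reaches the renderer.
function checkRequest({ html, recipient, clientIp }, now = Date.now()) {
  if (typeof html !== "string" || typeof recipient !== "string") {
    return { ok: false, reason: "malformed" };
  }
  if (html.length > MAX_HTML_CHARS) return { ok: false, reason: "too-large" };
  const hit = BLOCKED.find((rule) => rule.pattern.test(html));
  if (hit) return { ok: false, reason: hit.name };
  // Limit by sender and by recipient so one address cannot be flooded.
  if (!allowSend(`ip:${clientIp}`, now) || !allowSend(`to:${recipient.toLowerCase()}`, now)) {
    return { ok: false, reason: "rate-limit" };
  }
  return { ok: true, reason: null };
}
```

A keyword denylist is a coarse filter, so it works best alongside renderer-level controls such as wkhtmltopdf's `--disable-javascript` and `--disable-local-file-access` options.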