As others have mentioned, this post is a great example of why TypeScript or another type checker vastly improves your code reliability, as it would have solved the first six issues.
The last two are about validating user input, which is always a good idea. With the particular example given in number 7 (the first one), values passed in the query string should be URL-encoded first and foremost, which would solve the problem with the '/'. Additional validation to restrict the characters could then be done with a regex, but always with appropriate server-side validation also in place.
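The approach described in the comment above, as an added example that is not part of the original post or comment: the value is URL-encoded when the link is built, and the server validates the decoded value against an allow-list. The parameter name `name`, the base URL and the allowed character set are assumptions chosen for illustration.

```javascript
// Added example. The parameter name, base URL and allow-list below are
// assumptions for illustration; they do not come from the original post.

// Hypothetical allow-list: letters, digits, space, underscore, dot, hyphen.
const ALLOWED_NAME = /^[A-Za-z0-9 _.-]{1,64}$/;

// Client side: encode the value so reserved characters such as '/', '&'
// and '=' are carried as data and cannot change the structure of the URL.
function buildUrl(base, value) {
  return `${base}?name=${encodeURIComponent(value)}`;
}

// Server side, step 1: parse the query string. searchParams.get() returns
// the decoded value, or null when the parameter is absent.
function decodeName(requestUrl) {
  return new URL(requestUrl).searchParams.get("name");
}

// Server side, step 2: validate the decoded value. This runs for every
// request, whether or not the client applied its own regex check.
function readName(requestUrl) {
  const value = decodeName(requestUrl);
  if (value === null || !ALLOWED_NAME.test(value)) {
    return { ok: false, error: "invalid name" };
  }
  return { ok: true, value };
}

// Constructed sample inputs.
const base = "https://example.test/search";
const risky = buildUrl(base, "a/b&c=d");    // encoded, survives the round trip
const plain = buildUrl(base, "report 2024");

console.log(risky);                 // the encoded URL
console.log(decodeName(risky));     // the original string, intact
console.log(readName(risky));       // rejected by the allow-list
console.log(readName(plain));       // accepted
```

Encoding and validation solve different problems: encoding keeps the value intact in transit, and the server-side allow-list decides whether that value is acceptable.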