Keywords can be created with trailing/leading whitespace via restapi.

[deiferni]

https://sentry.4teamwork.ch/sentry/onegov-gever/issues/63411/

steps to reproduce:

• Create a keyword with trailing/leading whitespace e.g. via PATCH request with the following body to a document or dossier:

{
  "keywords": [
    {
      "title": "niuu ",
      "token": "niuu "
    }
  ]
}

• The endpoint will accept the keyword and create a new entry in the vocabulary, which can then be retrieved.

  "@id": "http://localhost:8080/fd/@vocabularies/plone.app.vocabularies.Keywords",
  "items": [
    {
      "title": " niuu ",
      "token": " niuu "
    }
  ],
  "items_total": 1
}

We should discuss if this is desired or if we should add a layer of input sanitation for certain fields. Otherwise we rely entirely on the frontend to perform the sanitation and "malicious" users could create very undesired keywords. Also third party api users may create such keywords by mistake. We should discuss whether we consider this to be an issue.

The current plone UI seems to perform input sanitation and trim whitespaces.

if we decide to fix this we must provide a cleanup upgrade to remove keywords with trailing/leading whitespace and potentially merge keywords if there are identical keywords apart from the whitespace.

if we decide to fix this issue #6311 can be closed.