Missing Content Validation on Message Send

[riddhima25bet10005-a11y]

Severity: Medium Description: In the sendMessage controller, there is no validation to ensure that a message actually has content. The code blindly extracts text and image and saves the document. Impact: A user (or a malicious script) can send completely empty messages (where both text and image are undefined or empty strings). This leads to database clutter and can potentially break the frontend UI if it doesn't know how to render an empty message bubble.

[riddhima25bet10005-a11y]

Hi @ThePlator
Kindly assign this issue to me.
I am under GSSoC 2026.

[PadmavathiPachitala]

Hi @ThePlator

I’d like to work on this issue under GSSoC 2026.

I reviewed the reported behavior in the sendMessage controller and understood that messages are currently being saved without validating whether meaningful content actually exists. This can allow empty messages to be stored when both text and image are missing or empty.

I can help fix this by:

• adding proper backend validation before message creation
• ensuring at least one valid content field (text or image) exists
• trimming and validating empty string inputs safely
• returning appropriate error responses for invalid requests
• preventing unnecessary database clutter
• ensuring frontend chat rendering remains stable and predictable

I also plan to keep the implementation lightweight and isolated without affecting the existing messaging flow or WebSocket functionality.

I’d be happy to work on this if assigned. Thank you!

[ThePlator]

Hi @riddhima25bet10005-a11y! Since you reported this issue and have been consistently helpful, I am assigning this task to you.

Because we have several contributors interested in this fix, we are setting a 12-hour deadline for you to acknowledge this assignment and start work. If we don't see progress by then, we'll let another contributor take over to keep the momentum going. 🚀

[ThePlator]

Hi @PadmavathiPachitala! Thank you for the extremely thorough implementation plan. We are going to give the original reporter (@riddhima25bet10005-a11y) 12 hours to lead the work on this one first.

If she is unable to complete it, you are next in line! In the meantime, please check out other unassigned issues—we'd love to have your high-quality work on a different task! 🌟