Audit sidewalk cafe permit search for vulnerabilities

[vingkan]

In pull request #145, we launched a new question page that lets visitors search for sidewalk permits by restaurant name.

The pull request was merged without review, so we are worried that the feature contains security vulnerabilities. Please check the feature for vulnerabilities to at least these two attacks:

• DOM Injection
• SQL Injection

Note: Run the app and API in development mode on your Cloud9 instance. Do not test for vulnerabilities on the production website until the end of the audit. After the fix has been deployed, you will test the production website.

To complete your audit, follow these steps:

• Learn about SQL and DOM injection attacks
• Try a DOM injection attack
• Try a SQL injection attack
• Document any attacks that succeed, with steps to reproduce
• Disclose the vulnerabilities internally to the team
• Submit a pull request to fix the vulnerabilities
• Confirm that the vulnerabilities are fixed in production