ITISFoundation
diff --git a/‎packages/models-library/VERSION‎
Lines changed: 1 addition & 1 deletion b/‎packages/models-library/VERSION‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/models-library/setup.cfg‎
Lines changed: 3 additions & 3 deletions b/‎packages/models-library/setup.cfg‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎packages/models-library/src/models_library/api_schemas_webserver/folders_v2.py‎
Lines changed: 3 additions & 3 deletions b/‎packages/models-library/src/models_library/api_schemas_webserver/folders_v2.py‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎packages/models-library/src/models_library/api_schemas_webserver/groups.py‎
Lines changed: 7 additions & 6 deletions b/‎packages/models-library/src/models_library/api_schemas_webserver/groups.py‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎packages/models-library/src/models_library/api_schemas_webserver/projects.py‎
Lines changed: 1 addition & 1 deletion b/‎packages/models-library/src/models_library/api_schemas_webserver/projects.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/models-library/src/models_library/api_schemas_webserver/users.py‎
Lines changed: 25 additions & 17 deletions b/‎packages/models-library/src/models_library/api_schemas_webserver/users.py‎
Lines changed: 25 additions & 17 deletions
diff --git a/‎packages/models-library/src/models_library/basic_types.py‎
Lines changed: 0 additions & 33 deletions b/‎packages/models-library/src/models_library/basic_types.py‎
Lines changed: 0 additions & 33 deletions
@@ -1 +1 @@
-0.2.0
+0.3.0
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.2.0
+current_version = 0.3.0
 commit = True
 message = packages/models-library version: {current_version} → {new_version}
 tag = False
@@ -16,10 +16,10 @@ test = pytest
 [tool:pytest]
 asyncio_mode = auto
 asyncio_default_fixture_loop_scope = function
-markers =
+markers = 
 	diagnostics: "can be used to run diagnostics against deployed data (e.g. database, registry etc)"
 	testit: "marks test to run during development"
 
 [mypy]
-plugins =
+plugins = 
 	pydantic.mypy
@@ -1,10 +1,10 @@
 from datetime import datetime
 from typing import Annotated, Self
 
+from models_library.string_types import DisplaySafeStr
 from pydantic import ConfigDict, Field, field_validator
 
 from ..access_rights import AccessRights
-from ..basic_types import IDStr
 from ..folders import FolderDB, FolderID
 from ..groups import GroupID
 from ..utils.common_validators import null_or_none_str_to_none_validator
@@ -53,7 +53,7 @@ def from_domain_model(
 
 
 class FolderCreateBodyParams(InputSchema):
-    name: IDStr
+    name: DisplaySafeStr
     parent_folder_id: FolderID | None = None
     workspace_id: WorkspaceID | None = None
     model_config = ConfigDict(extra="forbid")
@@ -68,7 +68,7 @@ class FolderCreateBodyParams(InputSchema):
 
 
 class FolderReplaceBodyParams(InputSchema):
-    name: IDStr
+    name: DisplaySafeStr
     parent_folder_id: FolderID | None = None
     model_config = ConfigDict(extra="forbid")
 
 
@@ -3,6 +3,7 @@
 
 from common_library.basic_types import DEFAULT_FACTORY
 from common_library.dict_tools import remap_keys
+from models_library.string_types import DescriptionSafeStr, NameSafeStr
 from pydantic import (
     AnyHttpUrl,
     AnyUrl,
@@ -27,7 +28,7 @@
     StandardGroupCreate,
     StandardGroupUpdate,
 )
-from ..users import UserID, UserNameID
+from ..users import UserID, UserNameID, UserNameSafeID
 from ..utils.common_validators import create__check_only_one_is_set__root_validator
 from ._base import InputSchema, OutputSchema, OutputSchemaWithoutCamelCase
 
@@ -155,8 +156,8 @@ def _update_json_schema_extra(schema: JsonDict) -> None:
 
 
 class GroupCreate(InputSchema):
-    label: str
-    description: str
+    label: NameSafeStr
+    description: DescriptionSafeStr
     thumbnail: AnyUrl | None = None
 
     def to_domain_model(self) -> StandardGroupCreate:
@@ -173,8 +174,8 @@ def to_domain_model(self) -> StandardGroupCreate:
 
 
 class GroupUpdate(InputSchema):
-    label: str | None = None
-    description: str | None = None
+    label: NameSafeStr | None = None
+    description: DescriptionSafeStr | None = None
     thumbnail: AnyUrl | None = None
 
     def to_domain_model(self) -> StandardGroupUpdate:
@@ -393,7 +394,7 @@ class GroupUserAdd(InputSchema):
     """
 
     uid: UserID | None = None
-    user_name: Annotated[UserNameID | None, Field(alias="userName")] = None
+    user_name: Annotated[UserNameSafeID | None, Field(alias="userName")] = None
     email: Annotated[
         LowerCaseEmailStr | None,
         Field(
 
@@ -22,7 +22,6 @@
 from pydantic.config import JsonDict
 
 from ..api_schemas_long_running_tasks.tasks import TaskGet
-from ..basic_types import LongTruncatedStr, ShortTruncatedStr
 from ..emails import LowerCaseEmailStr
 from ..folders import FolderID
 from ..groups import GroupID
@@ -41,6 +40,7 @@
     ProjectShareStatus,
     ProjectStateRunningState,
 )
+from ..string_types import LongTruncatedStr, ShortTruncatedStr
 from ..utils._original_fastapi_encoders import jsonable_encoder
 from ..utils.common_validators import (
     empty_str_to_none_pre_validator,
 
@@ -1,7 +1,7 @@
 import re
 from datetime import date, datetime
 from enum import Enum
-from typing import Annotated, Any, Literal, Self, TypeAlias
+from typing import Annotated, Any, Literal, Self
 
 import annotated_types
 from common_library.basic_types import DEFAULT_FACTORY
@@ -11,11 +11,11 @@
 from models_library.rest_filters import Filters
 from models_library.rest_pagination import PageQueryParameters
 from pydantic import (
+    AfterValidator,
     BaseModel,
     ConfigDict,
     EmailStr,
     Field,
-    StringConstraints,
     ValidationInfo,
     field_validator,
     model_validator,
@@ -27,12 +27,18 @@
 from ..groups import AccessRightsDict, Group, GroupID, GroupsByTypeTuple, PrimaryGroupID
 from ..products import ProductName
 from ..rest_base import RequestParameters
+from ..string_types import (
+    GlobPatternSafeStr,
+    SearchPatternSafeStr,
+    validate_input_xss_safety,
+)
 from ..users import (
     FirstNameStr,
     LastNameStr,
     MyProfile,
     UserID,
     UserNameID,
+    UserNameSafeID,
     UserPermission,
     UserThirdPartyToken,
 )
@@ -205,10 +211,21 @@ def from_domain_model(
         )
 
 
+FirstNameSafeStr = Annotated[
+    FirstNameStr,
+    AfterValidator(validate_input_xss_safety),
+]
+
+LastNameSafeStr = Annotated[
+    LastNameStr,
+    AfterValidator(validate_input_xss_safety),
+]
+
+
 class MyProfileRestPatch(InputSchemaWithoutCamelCase):
-    first_name: FirstNameStr | None = None
-    last_name: LastNameStr | None = None
-    user_name: Annotated[IDStr | None, Field(alias="userName", min_length=4)] = None
+    first_name: FirstNameSafeStr | None = None
+    last_name: LastNameSafeStr | None = None
+    user_name: Annotated[UserNameSafeID | None, Field(alias="userName")] = None
     # NOTE: phone is updated via a dedicated endpoint!
 
     privacy: MyProfilePrivacyPatch | None = None
@@ -266,8 +283,7 @@ class UsersGetParams(RequestParameters):
 
 class UsersSearch(InputSchema):
     match_: Annotated[
-        str,
-        StringConstraints(strip_whitespace=True, min_length=1, max_length=80),
+        SearchPatternSafeStr,
         Field(
             description="Search string to match with usernames and public profiles (e.g. emails, first/last name)",
             alias="match",
@@ -318,17 +334,9 @@ class UserAccountReject(InputSchema):
     email: EmailStr
 
 
-GlobString: TypeAlias = Annotated[
-    str,
-    StringConstraints(
-        min_length=3, max_length=200, strip_whitespace=True, pattern=r"^[^%]*$"
-    ),
-]
-
-
 class UserAccountSearchQueryParams(RequestParameters):
     email: Annotated[
-        GlobString | None,
+        GlobPatternSafeStr | None,
         Field(
             description="complete or glob pattern for an email",
         ),
@@ -340,7 +348,7 @@ class UserAccountSearchQueryParams(RequestParameters):
         ),
     ] = None
     user_name: Annotated[
-        GlobString | None,
+        GlobPatternSafeStr | None,
         Field(
             description="complete or glob pattern for a username",
         ),
 
@@ -14,7 +14,6 @@
     SIMPLE_VERSION_RE,
     UUID_RE,
 )
-from .utils.common_validators import trim_string_before
 
 assert issubclass(LogLevel, Enum)  # nosec
 assert issubclass(BootModeEnum, Enum)  # nosec
@@ -151,38 +150,6 @@ def concatenate(*args: "IDStr", link_char: str = " ") -> "IDStr":
         return IDStr(result)
 
 
-_SHORT_TRUNCATED_STR_MAX_LENGTH: Final[int] = 600
-ShortTruncatedStr: TypeAlias = Annotated[
-    str,
-    StringConstraints(strip_whitespace=True),
-    trim_string_before(max_length=_SHORT_TRUNCATED_STR_MAX_LENGTH),
-    annotated_types.doc(
-        """
-        A truncated string used to input e.g. titles or display names.
-        Strips whitespaces and truncate strings that exceed the specified characters limit (curtail_length).
-        Ensures that the **input** data length to the API is controlled and prevents exceeding large inputs silently,
-        i.e. without raising errors.
-        """
-        # SEE https://github.com/ITISFoundation/osparc-simcore/pull/5989#discussion_r1650506583
-    ),
-]
-
-_LONG_TRUNCATED_STR_MAX_LENGTH: Final[int] = 65536  # same as github description
-LongTruncatedStr: TypeAlias = Annotated[
-    str,
-    StringConstraints(strip_whitespace=True),
-    trim_string_before(max_length=_LONG_TRUNCATED_STR_MAX_LENGTH),
-    annotated_types.doc(
-        """
-        A truncated string used to input e.g. descriptions or summaries.
-        Strips whitespaces and truncate strings that exceed the specified characters limit (curtail_length).
-        Ensures that the **input** data length to the API is controlled and prevents exceeding large inputs silently,
-        i.e. without raising errors.
-        """
-    ),
-]
-
-
 # auto-incremented primary-key IDs
 IdInt: TypeAlias = PositiveInt
 PrimaryKeyInt: TypeAlias = PositiveInt