From 521465c2d97c25f90d51c3e9e26307f28e1a5370 Mon Sep 17 00:00:00 2001
From: CaffeineFueled
Date: Mon, 25 May 2026 14:24:20 +0200
Subject: [PATCH] ux: CHANGE fail if invalid UTF8 to prevent tampered data #25
---
 main.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/main.py b/main.py
index ec37f11..f5049ca 100644
--- a/main.py
+++ b/main.py
@@ -265,7 +265,15 @@ async def upload_text(request: Request, authorized: bool = Depends(validate_uplo
 raise HTTPException(status_code=413, detail="Payload too large")
 chunks.append(chunk)
 body = b"".join(chunks)
- content = body.decode('utf-8', errors='ignore')
+ try:
+ content = body.decode('utf-8', errors='strict')
+ except UnicodeDecodeError:
+ log("WARNING", "upload_failed",
+ client_ip=client_ip,
+ user_agent=user_agent,
+ reason="invalid_utf8",
+ size_bytes=total)
+ raise HTTPException(status_code=400, detail="Invalid UTF-8 content")
 if not validate_content(content):
 log("WARNING", "upload_failed",
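Review bot: Strict decoding in the new `try` block only establishes that the body is well-formed UTF-8, so NUL bytes, other control characters and bidirectional-override code points still decode cleanly and reach `validate_content`, whose rules are not visible in this hunk. If that function does not already reject them, it is where such a check belongs, and a comment above the `try` would record what this step does guarantee: `# strict: never drop bytes silently, so validate_content() sees exactly what the client sent`. For triage it would also help to record where decoding failed without logging the payload itself, e.g. `except UnicodeDecodeError as exc:` with `offset=exc.start` added to the `log(...)` call, assuming `log` accepts arbitrary keyword fields as the existing call suggests. `upload_text` starts before and continues past this hunk.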