Could you provide an example of where this is needed?
I'm not going to give an example of the standard validator being not strict enough, since that would be a security vulnerability. The idea is that at least you have a workaround to block this vulnerability if this happens (for example, we could simply indicate in the advisory a regex to put in that configuration as a workaround).
For the too strict aspect, a simple example is something the validator cannot know: you introduce some custom table, and you consider it's safe to let users without programming right select it some columns in it.
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6)
If image attachments aren't displayed, see this article.
