bq. Could you provide an example of where this is needed?
I'm not going to give an example of the standard validator being not strict enough, since that would be a security vulnerability. The idea is that at least you have a workaround to block this vulnerability if this happens (for example, we could simply indicate in the advisory a regex to put in that configuration as a workaround).
For the too strict aspect, a simple example is something the validator cannot know: you introduce some custom table, and you consider it's safe to let users without programming right select it some of its columns in it.
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6)
If image attachments aren't displayed, see this article.
