A directory populated with one-word or blank descriptions is functionally indistinguishable from spam. Google treats thin content as low-quality and suppresses the entire directory in search results, not just the bad listings. Users who click through to a listing with no real description bounce in under five seconds, hurting engagement metrics that feed back into ranking. Competitors with enforced minimums outrank you for the same keyword terms because their pages carry enough tokens for semantic relevance.
High because thin descriptions drag down site-wide SEO and let spam submissions pass through as legitimate listings.
Enforce a minimum length on the server before the row touches the database, and mirror the constraint on the form with a Zod schema so the client catches it first. Client-side minLength alone is trivially bypassable; attackers POST directly to the API. Add the check to src/lib/validation/listing.ts and reuse the schema in both the form handler and the API route.
import { z } from 'zod'
export const ListingSchema = z.object({
description: z.string().min(50, 'Description must be at least 50 characters').max(5000)
})
const result = ListingSchema.safeParse(await req.json())
if (!result.success) return NextResponse.json(result.error, { status: 400 })
ID: directory-listing-schema.content-completeness.description-length
Severity: high
What to look for: Enumerate all listing descriptions. For each, check the submission form or API validation. Look for a minimum length requirement on the description field (e.g., min 50 characters). Verify that short descriptions are rejected or flagged as incomplete during moderation.
Pass criteria: The submission form or API enforces a minimum description length (e.g., at least 50-100 characters) and rejects or flags very short descriptions — at least 50 characters and no more than 5000 characters per description. Report: "X descriptions found, all Y meet length requirements."
Fail criteria: No minimum length is enforced, allowing single-word or empty descriptions to be submitted.
Do NOT pass when: Client-side validation exists but server-side validation is missing — descriptions must be validated on the server before storage.
Skip (N/A) when: Descriptions are not required.
Detail on fail: Example: "No minimum length validation on description. Submissions accepted with single-word descriptions"
Remediation: Add validation to the submission form and API:
const MIN_DESCRIPTION_LENGTH = 50
if (!data.description || data.description.length < MIN_DESCRIPTION_LENGTH) {
throw new Error(`Description must be at least ${MIN_DESCRIPTION_LENGTH} characters`)
}
<textarea
name="description"
minLength={50}
/>