How to sanitize html/javascript from request.JSON in grails 3.1.10 restful service
We have a Grails 3.1.10 RESTful service that takes in JSON data on the HTTP POST. This data can contain HTML/JavaScript, which is not desired.
Using encodeAsHTML and the xss-sanitizer plugin's XssSanitizerUtil.stripXSS methods, I can see how to sanitize an individual string, but how can I push this to a higher scope through filters or something so that when request.JSON is used in the controller it has already been sanitized?
Or is there already another easier way to accomplish this?
json rest grails
asked Mar 7 at 22:39 by John (edited Mar 8 at 20:40)
1 Answer
I created an interceptor to apply to the appropriate controllers. In it I made a copy of the JSON parse(HttpServletRequest request) method. Near the end of the method where it parses the inputStream I plugged in my Sanitizer class that uses xss-sanitizer:
def body = IOUtils.toString(pushbackInputStream, encoding)
def sanitized = Sanitizer.sanitize(body)
json = JSON.parse(sanitized);
answered Mar 11 at 18:00 by John
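Added example, not part of the answer above or of the xss-sanitizer plugin: a plain Groovy script comparing sanitizing the raw body text before parsing with sanitizing each decoded string after parsing, which also sees characters that arrive as JSON `\u` escapes. Assumptions: `stripMarkup` is a regex stand-in for a real sanitizer such as `XssSanitizerUtil.stripXSS`, `sanitizeTree` is a hypothetical helper, `groovy.json.JsonSlurper` replaces the Grails JSON converter so the script runs outside Grails, and the request body is constructed.

```groovy
import groovy.json.JsonSlurper

// Stand-in sanitizer (assumption): in the service this would be a call such as
// XssSanitizerUtil.stripXSS(value) from the xss-sanitizer plugin.
Closure<String> stripMarkup = { String s -> s.replaceAll(/<[^>]*>/, '') }

// Hypothetical helper: apply the sanitizer to every string key and value
// of an already parsed JSON structure, leaving other types untouched.
def sanitizeTree(node, Closure<String> sanitize) {
    switch (node) {
        case Map:
            return node.collectEntries { k, v ->
                [(sanitize(k as String)): sanitizeTree(v, sanitize)]
            }
        case List:
            return node.collect { sanitizeTree(it, sanitize) }
        case CharSequence:
            return sanitize(node.toString())
        default:
            return node   // numbers, booleans and null pass through
    }
}

// Constructed sample body: "bio" spells "<" and ">" as JSON \u003c / \u003e escapes.
String body = '{"name":"<b>Ann</b>","bio":"\\u003cscript\\u003ealert(1)\\u003c/script\\u003ehi","age":30}'

// Raw-text approach: sanitize the body string, then parse it.
def rawFirst = new JsonSlurper().parseText(stripMarkup(body))

// Parse-first approach: decode the JSON, then sanitize each string.
def parsedFirst = sanitizeTree(new JsonSlurper().parseText(body), stripMarkup)

assert rawFirst.name == 'Ann'                 // literal tags were removed
assert rawFirst.bio.contains('<script>')      // escaped tags were decoded after sanitizing
assert parsedFirst.name == 'Ann'
assert parsedFirst.bio == 'alert(1)hi'        // decoded tags were seen and removed
assert parsedFirst.age == 30                  // non-string values are unchanged

println "raw-text first: ${rawFirst.bio}"
println "parse first:    ${parsedFirst.bio}"
```

Input sanitizing does not replace output encoding: values still need encodeAsHTML or an equivalent wherever they are rendered into HTML.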