How to sanitize html/javascript from request.JSON in grails 3.1.10 restful service

We have a Grails 3.1.10 RESTful service that takes in JSON data on the HTTP POST. This data can contain HTML/JavaScript, which is not desired.

Using encodeAsHTML and the xss-sanitizer plugin XssSanitizerUtil.stripXSS methods I can see how to sanitize an individual string, but how can I push this to a higher scope through filters or something so that when request.JSON is used in the controller it has already been sanitized?

Or is there already another easier way to accomplish this?

json rest grails

asked Mar 7 at 22:39 by John (edited Mar 8 at 20:40)

1 Answer

I created an interceptor to apply to the appropriate controllers. In it I made a copy of the JSON parse(HttpServletRequest request) method. Near the end of the method where it parses the inputStream I plugged in my Sanitizer class that uses xss-sanitizer:

    // Read the raw request body as text
    def body = IOUtils.toString(pushbackInputStream, encoding)
    // Run the whole body through the xss-sanitizer-based Sanitizer class
    def sanitized = Sanitizer.sanitize(body)
    // Parse the sanitized text into the JSON object the controller will see
    json = JSON.parse(sanitized)

answered Mar 11 at 18:00 by John
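
An alternative to cleaning the raw body string, shown here as an added example (not the answerer's code and not the plugin's API): parse first, then clean every decoded string in the resulting tree, so the sanitizer never touches the JSON syntax and sees each value in its final form. `sanitizeTree` and `htmlEncode` are hypothetical names, `htmlEncode` is a stand-in for the page's `XssSanitizerUtil.stripXSS` or `encodeAsHTML`, and the sample body is constructed.

```groovy
import groovy.json.JsonSlurper

// Stand-in cleaner (assumption): HTML-encodes markup characters, '&' first so
// entities are not double-encoded. In the Grails app this would be the page's
// XssSanitizerUtil.stripXSS or encodeAsHTML instead.
String htmlEncode(String s) {
    String out = s.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;')
    return out.replace('"', '&quot;').replace("'", '&#39;')
}

// Rebuild the parsed tree, cleaning every string key and value; numbers,
// booleans and null pass through untouched.
def sanitizeTree(node, Closure<String> clean) {
    if (node instanceof Map) {
        return node.collectEntries { k, v ->
            [(clean(k.toString())): sanitizeTree(v, clean)]
        }
    }
    if (node instanceof Collection) {
        return node.collect { sanitizeTree(it, clean) }
    }
    return node instanceof CharSequence ? clean(node.toString()) : node
}

// Constructed sample body: "name" carries a literal tag, "bio" the same kind
// of tag written with JSON unicode escapes, which only decode during parsing.
def body = '{"name":"<b>Al</b>","bio":"\\u003ci\\u003ehi\\u003c/i\\u003e",' +
           '"age":42,"tags":["a&b",null]}'
def cleaned = sanitizeTree(new JsonSlurper().parseText(body), this.&htmlEncode)

assert cleaned.name == '&lt;b&gt;Al&lt;/b&gt;'
assert cleaned.bio == '&lt;i&gt;hi&lt;/i&gt;'   // escaped form is cleaned as well
assert cleaned.age == 42
assert cleaned.tags == ['a&amp;b', null]
```

In an interceptor the same walk can run over `request.JSON`, whose objects and arrays implement `Map` and `List`; the result is a plain map, not a `JSONObject`.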




























