Sanitize request parameters via filters #9561
Replies: 2 comments 4 replies
call |
Using micronaut http 4
However, I would recommend against sanitizing in a filter, because it is error-prone. If your logic does not match that of the argument binder exactly, it may be possible for an attacker to bypass your sanitization and pass an unsafe value to the controller. For example, if you forget the explicit |
Hi, taking an example of a GET request with URI parameters (say a URI like GET /maps?name=unitedstates%20), I want to add a filter which sanitizes the value of the name parameter, like String::trim.
I tried writing a filter like this:
However, it does not seem to do the trick. Am I missing something here?
Also, what approach do I take for POST requests?
Thanks!
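The mismatch the reply above warns about, shown on the question's own URI as an added example (not code from the thread or from Micronaut). It uses only the JDK; the class and method names are hypothetical stand-ins for a filter, the argument binder and a controller, and it assumes the filter works on the raw, still percent-encoded query string.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration using only the JDK; names are hypothetical and this is
// not Micronaut's filter or argument-binder code.
public class FilterBinderMismatch {

    // Stand-in for a filter that "sanitizes" by trimming the raw query string.
    // The value is still percent-encoded here, so %20 is not whitespace yet.
    static String filterTrimRaw(String rawQuery) {
        StringBuilder out = new StringBuilder();
        for (String pair : rawQuery.split("&")) {
            String[] kv = pair.split("=", 2);
            if (out.length() > 0) out.append('&');
            out.append(kv[0]).append('=').append(kv.length > 1 ? kv[1].trim() : "");
        }
        return out.toString();
    }

    // Stand-in for the binder: percent-decodes each value before the controller sees it.
    static Map<String, String> bind(String rawQuery) {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : rawQuery.split("&")) {
            String[] kv = pair.split("=", 2);
            String value = kv.length > 1 ? kv[1] : "";
            params.put(URLDecoder.decode(kv[0], StandardCharsets.UTF_8),
                       URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return params;
    }

    // Sanitizing the already-bound value cannot disagree with the binder's decoding.
    static String controllerSanitize(String boundValue) {
        return boundValue == null ? "" : boundValue.strip();
    }

    public static void main(String[] args) {
        String rawQuery = "name=unitedstates%20"; // query string from the question's URI
        String afterFilter = filterTrimRaw(rawQuery);
        String bound = bind(afterFilter).get("name");
        // Brackets make a surviving trailing space visible in the output.
        System.out.println("after filter  : [" + afterFilter + "]");
        System.out.println("bound value   : [" + bound + "]");
        System.out.println("after binding : [" + controllerSanitize(bound) + "]");
    }
}
```

The filter's trim leaves the encoded value unchanged, the decoded value reaches the controller with its trailing space, and only the sanitization applied to the bound value removes it.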