Hi, I'm on Rails 3.2.8 and one of my apps sends some json to create DB objects. What's the best way to sanitize json? I found this post claiming that for json we need to escape manually since json_escape is broken: http://blog.bigbinary.com/2012/05/10/xss-and-rails.html I tried using the sanitize gem (https://github.com/rgrove/sanitize/) but when using it on a json string it returns NoMethodError (undefined method `strip' for #<ActiveSupport::HashWithIndifferentAccess:... Later on I generate json that is presented raw in the browser and part of that json is comming from this initial json so it is vulnerable to XSS. (soon I'll try to get if of the need of using raw). So any general advice how to make sure the json does not contain any malicious code? Or how to use the sanitize gem with json? Cheers.
on 2012-12-08 23:24