Forum: Ruby on Rails Security - How to sanitize JSON?

Posted by comopasta Gr (comopasta)
on 2012-12-08 23:24
Hi, I'm on Rails 3.2.8 and one of my apps sends some json to create DB
objects. What's the best way to sanitize json?

I found this post claiming that for json we need to escape manually
since json_escape is broken:
http://blog.bigbinary.com/2012/05/10/xss-and-rails.html

I tried using the sanitize gem (https://github.com/rgrove/sanitize/) but
when using it on a json string it returns NoMethodError (undefined
method `strip' for #<ActiveSupport::HashWithIndifferentAccess:...

Later on I generate json that is presented raw in the browser and part
of that json is coming from this initial json so it is vulnerable to
XSS. (soon I'll try to get rid of the need to use raw).

So any general advice how to make sure the json does not contain any
malicious code? Or how to use the sanitize gem with json?

Cheers.
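Two things the question runs together are worth separating. The `NoMethodError` from the sanitize gem is simply because its cleaner takes a `String`, and the poster handed it the parsed `HashWithIndifferentAccess`; to use a string-level cleaner on decoded JSON you have to walk the structure and clean each string value. More importantly, the XSS risk comes from the moment the JSON is written `raw` into the page, so the robust fix is to escape at that output point for the context it lands in (a `<script>` block), not to mangle the data on the way into the database. The escape needed there is exactly what `json_escape` is meant to do: replace `<`, `>`, `&` (and the U+2028/U+2029 line separators) with their JSON `\uXXXX` forms, which keeps the text valid JSON while making it impossible to emit a literal `</script>`. In Rails 3.2 that helper also deleted double quotes, so its output was no longer valid JSON, which is why the linked post calls it broken. The example below is added here and is not code from the original post or from Rails; `json_for_script`, `deep_map_strings` and the sample `INCOMING_JSON` are my own names and constructed input, and `CGI.escapeHTML` stands in for whatever string cleaner you would actually use.

```ruby
require 'json'
require 'cgi'

# Replacement table for characters that can break out of a <script> block
# (or an HTML attribute) when serialized JSON is written straight into a page.
# Each is replaced by its JSON \uXXXX escape, so the result is still valid JSON
# and decodes back to the original character in the browser.
JSON_HTML_ESCAPE = {
  '<'      => '\u003c',
  '>'      => '\u003e',
  '&'      => '\u0026',
  "\u2028" => '\u2028', # U+2028/U+2029 are legal inside JSON strings but end a
  "\u2029" => '\u2029'  # JavaScript string literal, so escape them as well
}.freeze

# Serialize obj to JSON that can be inlined in <script> without a further
# HTML-escape pass. JSON.generate already escapes " and \, so the text stays a
# single JS expression; the gsub keeps "</script>" from ever appearing literally.
# (Assumed helper name; this is the idea behind Rails' json_escape, minus the
# 3.2-era quote stripping.)
def json_for_script(obj)
  JSON.generate(obj).gsub(/[<>&\u2028\u2029]/, JSON_HTML_ESCAPE)
end

# Walk a structure parsed from JSON and apply a String -> String function to
# every string value, leaving keys, numbers, booleans and nil untouched.
# This is the shape needed to run a string-only cleaner over a decoded JSON
# document instead of handing the whole Hash to it. (Assumed helper name.)
def deep_map_strings(obj, &fn)
  case obj
  when Hash   then obj.each_with_object({}) { |(k, v), h| h[k] = deep_map_strings(v, &fn) }
  when Array  then obj.map { |v| deep_map_strings(v, &fn) }
  when String then fn.call(obj)
  else obj
  end
end

# Constructed sample input: what a hostile client might POST to the app.
INCOMING_JSON = '{"name":"</script><script>alert(1)</script>",' \
                '"tags":["a&b","<img src=x onerror=alert(2)>"],"age":7}'

def demo
  data = JSON.parse(INCOMING_JSON)

  # Output-side escaping: store the data unchanged, escape when rendering it
  # into a <script> block. The escaped text still parses back to the same data.
  script_safe = json_for_script(data)

  # Input-side cleaning, for comparison: HTML-escape each string value before
  # it reaches the DB. Note this corrupts the data for any non-HTML consumer.
  cleaned = deep_map_strings(data) { |s| CGI.escapeHTML(s) }

  { script_safe: script_safe, cleaned: cleaned, round_trip: JSON.parse(script_safe) }
end

if __FILE__ == $PROGRAM_NAME
  r = demo
  puts r[:script_safe]
  puts r[:cleaned].inspect
end
```

In a view you would write `<script>var data = <%= raw json_for_script(@data) %>;</script>`; `raw` is safe here only because every character that could close the script block has already been converted to a `\u` escape. If the same data is printed into ordinary HTML rather than a script, use the view's normal HTML escaping instead; the escape must match the context the data is written into.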