Sanitize JSON input to a Java server
Posted by morgancodes on Stack Overflow
Published on 2010-04-02T16:46:29Z
I'm using JSON to pass data between the browser and a Java server.
I'm using Json-lib to convert between Java objects and JSON.
I'd like to strip out suspicious-looking stuff (i.e. "doSomethingNasty()") from the user input while converting from JSON to Java.
I can imagine several points at which I could do this:
- I could examine the raw JSON string and strip out funny-looking stuff.
- I could look for a way to intercept every JSON value on its way into the Java object, and look for funny stuff there.
- I could traverse my new Java objects immediately after reconstitution from JSON, look for any fields that are Strings, and strip stuff out there.
What's the best approach? Are there any technologies built for this task that I can tack on to what I have already?
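The third option in the question (walking the decoded structure and treating every String), sketched as an added example that is not part of the original post. It assumes the decoded JSON is a tree of `java.util.Map`, `List`, `String` and primitive wrappers; `JsonTreeSanitizer` and the `escapeHtml` policy are hypothetical names chosen for illustration, and the policy escapes rather than strips.

```java
import java.util.*;
import java.util.function.UnaryOperator;

public class JsonTreeSanitizer {
    // Sample policy (an assumption, not from the post): drop control characters
    // and HTML-escape the characters that matter if a value is later echoed into a page.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default:
                    if (!Character.isISOControl(c) || c == '\n' || c == '\t') out.append(c);
            }
        }
        return out.toString();
    }

    // Rebuild the decoded tree, applying the policy to every String value.
    // Keys go through the policy too, since the client controls them as well.
    static Object sanitize(Object node, UnaryOperator<String> policy) {
        if (node instanceof String) return policy.apply((String) node);
        if (node instanceof Map) {
            Map<String, Object> clean = new LinkedHashMap<>();
            for (Map.Entry<?, ?> e : ((Map<?, ?>) node).entrySet())
                clean.put(policy.apply(String.valueOf(e.getKey())), sanitize(e.getValue(), policy));
            return clean;
        }
        if (node instanceof List) {
            List<Object> clean = new ArrayList<>();
            for (Object item : (List<?>) node) clean.add(sanitize(item, policy));
            return clean;
        }
        return node; // numbers, booleans and null carry no markup
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for a decoded request body.
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("name", "<script>doSomethingNasty()</script>");
        body.put("tags", Arrays.asList("ok", "a\u0007b", 42));
        System.out.println(sanitize(body, JsonTreeSanitizer::escapeHtml));
    }
}
```

Because the walker takes the policy as a parameter, the same traversal can apply a stricter rule, such as rejecting any value that fails an allow-list pattern, without changing the tree logic.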