Historian API: Escape tag names - Githubissues

Hurence / logisland.historian

a (big) data historian for IIoT

Apache License 2.0

6 stars 6 forks source link

Historian API: Escape tag names #74

Open amarziali opened 6 years ago

amarziali commented 6 years ago

USER STORY

As a logisland historian rest api, I would like to have resources like tag names to be automatically escaped in order to avoid injections.

Example:

http://localhost:8701/api/v1/tags/"Saw-toothed Waves.Real8"/mesures

In the case above I should not need to quote the tag name because it contains whitespaces.

ACCEPTANCE CRITERIA

Nothing part of the URL should be injected as part as the chronix query.
Any path variable should be escaped.

DEFINITION OF DONE

Code builds without warnings (technical task)
Code unit tested (technical task)
Code is reviewed by a peer colleague
Documentation updated (user story)
Build pushed to demo server (user story)