search

dvwright / xss-mw

XssMw is an middleware designed to "auto remove XSS" from user submitted input, it’s written in Go and targets the Gin web framework.
MIT License
33 stars 12 forks source link

make nested work #3

Closed dvwright closed 6 years ago

dvwright commented 6 years ago

This change is working with new nested test case, it supports some nested structures but is not recursive and won't work for all nested json structures. Needs more testing before merge.

{
  "id": 1,
  "users": [
    {
      "id": 1,
      "flt": 1.345,
      "user": "TestUser1",
      "email": "testUser1@example.com",
      "password": "!@$%^ASDF<html>1",
      "cre_at": 1481017167,
      "comment": ""
    },
    {
      "id": 2,
      "flt": 2.345,
      "user": "TestUser2",
      "email": "testUser2@example.com",
      "password": "!@$%^ASDF<html>2",
      "cre_at": 1481017167,
      "comment": ""
    }
  ]
}
dvwright commented 6 years ago

closer, can parse this:

{
"id": "0001",
"type": "donut",
"name": "Cake",
"ppu": 0.55,
"batters":
    {
        "batter":
            [
                { "id": "1001", "type": "Regular" },
                { "id": "1002", "type": "Chocolate" },
                { "id": "1003", "type": "Blueberry" },
                { "id": "1004", "type": "Devil's Food" }
            ]
    },
"topping":
    [
        { "id": "5001", "type": "None" },
        { "id": "5002", "type": "Glazed" },
        { "id": "5005", "type": "Sugar" },
        { "id": "5007", "type": "Powdered Sugar" },
        { "id": "5006", "type": "Chocolate with Sprinkles" },
        { "id": "5003", "type": "Chocolate" },
        { "id": "5004", "type": "Maple" }
    ]
}