Sanitize params when using plugin `error_mail`

jeremyevans / roda

Routing Tree Web Toolkit

http://roda.jeremyevans.net

MIT License

2.08k stars 141 forks source link

Sanitize params when using plugin `error_mail` #346

Closed gettalong closed 10 months ago

gettalong commented 10 months ago

I'd like to use the error_mail plugin and I see that it includes the parameters of the request. This is usually fine but can become problematic if the params contain passwords.

What is the preferred way to sanitize the params? Just doing it myself and deleting the problematic entries from params?

jeremyevans commented 10 months ago

I think it would be best to build this into the plugin as an option. We'd want to handle the environment and session values as well, since they could potentially also need sanitization. I'll work on that before the next release.

gettalong commented 10 months ago

This works great, thank you!