Closed teropa closed 11 years ago
Generally we should whitelist what kind of parameters (and their values) we send to HSL and other upstream APIs. We don't want to pass any old garbage we might get to our service providers.
Generally we should whitelist what kind of parameters (and their values) we send to HSL and other upstream APIs. We don't want to pass any old garbage we might get to our service providers.