Re-evaluate usage of String escaping / cleaning / String.trim #67

Closed
hannesm opened this issue Oct 15, 2024 · 2 comments
Labels
security Something potentially related to security

hannesm commented Oct 15, 2024

Carefully review and try to remove the amount of sanitization we need to do. Best find a way / API where we don't need to do pre/post cleaning.

Otherwise this may open the door for attackers (when multiple different inputs lead to the same result)...

hannesm added the security (Something potentially related to security) label Oct 15, 2024
hannesm changed the title String escaping / cleaning / String.trim → Re-evaluate usage of String escaping / cleaning / String.trim Oct 15, 2024
hannesm mentioned this issue Oct 15, 2024
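
The concern in the comment above, shown as an added example that is not code from this project: a lookup that cleans its input with `String.trim` lets several distinct byte strings resolve to the same session, while a lookup that validates and rejects accepts exactly one. The session table, token value and function names are hypothetical and constructed for illustration.

```ocaml
(* Added example, not project code. All names and values are hypothetical. *)

(* Constructed session table: token -> user. *)
let sessions = [ ("s3cr3t-token", "alice") ]

(* Lenient lookup: the input is cleaned before use, so every padded
   variant of a valid token is accepted. Any other component that
   compares the raw bytes (logging, caching, rate limiting) sees
   different values for what this function treats as one token. *)
let lookup_lenient raw = List.assoc_opt (String.trim raw) sessions

(* Strict lookup: check the input against the expected alphabet and
   reject everything else. The input is never rewritten. *)
let is_token_char = function
  | 'a' .. 'z' | 'A' .. 'Z' | '0' .. '9' | '-' | '_' -> true
  | _ -> false

let lookup_strict raw =
  if raw <> "" && String.for_all is_token_char raw then
    List.assoc_opt raw sessions
  else None

(* Number of inputs in [inputs] that [lookup] accepts. *)
let accepted lookup inputs =
  List.length (List.filter (fun raw -> lookup raw <> None) inputs)

let () =
  (* Constructed inputs: one exact token and three padded variants. *)
  let inputs =
    [ "s3cr3t-token"; " s3cr3t-token"; "s3cr3t-token\r\n"; "\ts3cr3t-token " ]
  in
  let show = function Some user -> user | None -> "rejected" in
  List.iter
    (fun raw ->
      Printf.printf "%S lenient=%s strict=%s\n" raw
        (show (lookup_lenient raw))
        (show (lookup_strict raw)))
    inputs;
  Printf.printf "accepted: lenient=%d strict=%d of %d inputs\n"
    (accepted lookup_lenient inputs)
    (accepted lookup_strict inputs)
    (List.length inputs)
```

`String.for_all` requires OCaml 4.13 or later.
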
hannesm commented Oct 28, 2024

Addressed in #80. Though there are still some String.trim for the cookies in Middleware.

hannesm commented Oct 29, 2024

Now with #81 all of these are gone.

hannesm closed this as completed Oct 29, 2024