I want to catch any XSS tomfoolery before it gets into the request collection and discard those variables. Where exactly can I do that?
— Adrian
Hi Adrian,
You can use the “preProcess” intercept point to clean up the request collection.
Here’s where the actual capture occurs: https://github.com/ColdBox/coldbox-platform/blob/master/system/web/services/RequestService.cfc
I’ve used “onRequestCapture” for general RC cleanup, as well as for getting PUT/DELETE HTTP content into the RC and auto-deserializing incoming JSON.
+1
Thanks!
~Brad
ColdBox Platform Evangelist
Ortus Solutions, Corp
E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com
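
For reference, a sketch of the interceptor approach suggested in the replies above. This is an added example, not code from the thread or from ColdBox itself; the component name `RequestSanitizer` and the pattern list are constructed for illustration, and it assumes the component is registered in the `interceptors` array of `config/ColdBox.cfc`.

```cfml
// interceptors/RequestSanitizer.cfc (hypothetical name, not part of ColdBox)
component extends="coldbox.system.Interceptor" {

    // Constructed sample patterns; adjust to what the application legitimately accepts
    variables.suspicious = [
        "<\s*script\b",
        "javascript\s*:",
        "\bon[a-z]+\s*=",
        "<\s*(iframe|object|embed)\b"
    ];

    // Announced after URL/FORM values have been captured into the request collection
    function onRequestCapture( event, interceptData ){
        var rc = event.getCollection();

        // Loop over a copy of the key list because keys are removed during iteration
        for ( var key in structKeyArray( rc ) ) {
            var badName  = isSuspicious( key );
            // Only simple values are inspected here; nested structs and arrays
            // (for example deserialized JSON) would need a recursive walk
            var badValue = isSimpleValue( rc[ key ] ) && isSuspicious( rc[ key ] );

            if ( badName || badValue ) {
                // Record which side matched without echoing the raw payload into the log
                log.warn( "Discarded suspicious request variable", {
                    matchedOn : badName ? "name" : "value"
                } );
                event.removeValue( key );
            }
        }
    }

    // True when the string matches any of the constructed patterns above
    private boolean function isSuspicious( required string value ){
        for ( var pattern in variables.suspicious ) {
            if ( reFindNoCase( pattern, arguments.value ) ) {
                return true;
            }
        }
        return false;
    }

}
```

Handlers that run afterwards simply never see the discarded keys; encoding values on output is still needed for anything the patterns miss.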