[coldbox-3.6] Where exactly does ColdBox set rc.foo = [url|form].foo?

I want to catch any XSS tomfoolery before it gets into the request collection and discard those variables. Where exactly can I do that?

— Adrian

Hi Adrian,

You can use the “preProcess” intercept point to clean up the request collection.

Here’s where the actual capture occurs: https://github.com/ColdBox/coldbox-platform/blob/master/system/web/services/RequestService.cfc

I’ve used “onRequestCapture” for general RC cleanup, as well as for getting PUT/DELETE HTTP content into the RC and auto-deserializing incoming JSON.

+1

Thanks!

~Brad

ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com
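
A sketch of an interceptor for the “onRequestCapture” point mentioned in the thread, added here as an example; it is not code from the posters or from ColdBox itself. The component name, the pattern list and the log file name are assumptions.

```cfml
// interceptors/RequestSanitizer.cfc (hypothetical name and path)
component extends="coldbox.system.Interceptor" {

    // Constructed denylist, for illustration only; tune it for your application.
    variables.suspectPattern = "(<\s*/?\s*(script|iframe|object|embed|svg)\b|javascript\s*:|\bon[a-z]+\s*=)";

    function configure(){}

    // Fires once ColdBox has merged URL and FORM into the request collection,
    // before any handler sees rc.
    function onRequestCapture( event, interceptData ){
        var rc   = event.getCollection();
        // Snapshot the keys first, because entries are removed while looping.
        var keys = structKeyArray( rc );
        var i    = 0;
        var key  = "";

        for( i = 1; i <= arrayLen( keys ); i++ ){
            key = keys[ i ];
            // Only simple values are inspected here; structs or arrays
            // (for example deserialized JSON) would need a recursive walk.
            if( isSuspect( key ) || ( isSimpleValue( rc[ key ] ) && isSuspect( rc[ key ] ) ) ){
                event.removeValue( key );
                // Log the key name only, never the rejected value.
                writeLog(
                    type = "warning",
                    file = "request-sanitizer",
                    text = "Discarded rc key '#key#' from #cgi.remote_addr# (#cgi.script_name#)"
                );
            }
        }
    }

    // True when the value matches the denylist pattern.
    private boolean function isSuspect( required string value ){
        return reFindNoCase( variables.suspectPattern, arguments.value ) > 0;
    }

}
```

Register it in `config/ColdBox.cfc` with `interceptors = [ { class="interceptors.RequestSanitizer" } ];`. A denylist like this catches only the obvious cases, so views still need to encode rc values on output.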