I am trying to sanitize input shortly before marshaling the submitted data into a specified struct.
Here is the model that I am using.
```go
type Post struct {
	Id               int        `json:"Id"`
	CreatedAt        time.Time  `json:"CreatedAt"`
	UpdatedAt        time.Time  `json:"UpdatedAt"`
	CreatorId        int        `json:"CreatorId"`
	Creator          *User
	Editors          []int      `json:"Editors"`
	Status           Status     `json:"Status"`
	Title            string     `json:"Title"`
	ShortDescription string     `json:"ShortDescription"`
	Description      string     `json:"Description"`
	Content          string     `json:"Content"`
	Url              string     `json:"Url"`
	Media            *Media
	Categories       []Category `json:"Categories"`
	Tags             []Tag      `json:"Tags"`
	MediaId          int        `json:"MediaId"`
	Keywords         string     `json:"Keywords"`
	Data             []string   `json:"Data"`
}
```
Here is an example of possible submitted JSON data:
```json
{"Id":1,"CreatedAt":"2016-10-11T21:29:46.134+02:00","UpdatedAt":"0001-01-01T00:00:00Z","CreatorId":1,"Editors":null,"Status":1,"Title":"This is the title of the first post, to be changed.<script>alert()</script>","ShortDescription":"this is the short description of this post","Description":"","Content":"Contrary to popular belief Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC making it over 2000 years old. Richard McClintock","Url":"lorem-ipsum-first"}
```
How would I most effectively sanitize the above JSON form data during the ReadJSON request and before data insertion during this process, thus removing any malicious code as seen with <script>alert()</script>?
If there is any additional information that could be of use please ask and I will be glad to add it.
Thanks
Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services for any unwanted characters and strings, to prevent the injection of harmful code into the system.
The Basics. The first lesson anyone learns when setting up a web-to-database (or anything-to-database) gateway where untrusted user input is concerned is to always, always sanitize every input.
For HTML sanitizing you could try github.com/microcosm-cc/bluemonday.
For validating JSON input data against rules you set, this article is a good read on the topic.
An example from the article:
```go
type User struct {
	Name    string `json:"name" validate:"nonzero"`
	Age     uint   `json:"age" validate:"min=1"`
	Address string `json:"address" validate:"nonzero"`
}
```
The package used for validation is gopkg.in/validator.v2
Usage:
```go
user := &models.User{}
// Unmarshal the request body into the struct.
if err := c.ReadJSON(user); err != nil {
	// Handle Error
}
// Strip HTML that the user-generated-content policy does not allow.
p := bluemonday.UGCPolicy()
user.Name, user.Address = p.Sanitize(user.Name), p.Sanitize(user.Address)
// Apply the validate tags declared on the struct.
if err := validator.Validate(user); err != nil {
	// Handle Error
}
// user is already a *User; passing &user would hand the ORM a **User.
if err := db.Create(user); err != nil {
	// Handle Error
}
```
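The decode, sanitize, validate pipeline from the answer, run over the exact JSON body from the question, as an added stand-alone example (not code from the question, the answer, or the bluemonday/validator projects). Because it has to compile without third-party modules, two substitutions are assumed and labelled in the code: html.EscapeString from the standard library stands in for bluemonday's p.Sanitize (it escapes HTML metacharacters rather than stripping tags, which is enough to turn the injected <script> into inert text), and ValidatePost hand-codes the kind of rules the validate tags express. The slug rule for Url and the reduced Post struct are likewise assumptions, not part of the original page.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"html"
	"regexp"
	"strings"
	"time"
)

// Post is a trimmed copy of the struct from the question: the fields that
// point at other user-defined types (Creator, Media, Categories, Tags) are
// omitted so this example compiles on its own.
type Post struct {
	Id               int       `json:"Id"`
	CreatedAt        time.Time `json:"CreatedAt"`
	UpdatedAt        time.Time `json:"UpdatedAt"`
	CreatorId        int       `json:"CreatorId"`
	Editors          []int     `json:"Editors"`
	Status           int       `json:"Status"`
	Title            string    `json:"Title"`
	ShortDescription string    `json:"ShortDescription"`
	Description      string    `json:"Description"`
	Content          string    `json:"Content"`
	Url              string    `json:"Url"`
}

// SamplePost is the request body from the question, embedded here as test
// input; note the injected <script> tag in Title.
const SamplePost = `{"Id":1,"CreatedAt":"2016-10-11T21:29:46.134+02:00","UpdatedAt":"0001-01-01T00:00:00Z","CreatorId":1,"Editors":null,"Status":1,"Title":"This is the title of the first post, to be changed.<script>alert()</script>","ShortDescription":"this is the short description of this post","Description":"","Content":"Contrary to popular belief Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC making it over 2000 years old. Richard McClintock","Url":"lorem-ipsum-first"}`

// DecodePost is the stand-in for c.ReadJSON. DisallowUnknownFields makes the
// decoder reject keys the struct does not declare, so a client cannot slip
// extra data past the model.
func DecodePost(body string) (*Post, error) {
	dec := json.NewDecoder(strings.NewReader(body))
	dec.DisallowUnknownFields()
	var p Post
	if err := dec.Decode(&p); err != nil {
		return nil, fmt.Errorf("decode post: %w", err)
	}
	return &p, nil
}

// Neutralize is the (assumed) stand-in for bluemonday's p.Sanitize. The
// standard library has no HTML sanitizer, so this escapes HTML metacharacters
// in every free-text field instead of stripping tags: "<script>" becomes
// "&lt;script&gt;", which a browser renders as text rather than executing.
func Neutralize(p *Post) {
	for _, f := range []*string{&p.Title, &p.ShortDescription, &p.Description, &p.Content} {
		*f = html.EscapeString(*f)
	}
}

// slugRe is the assumed rule for Url: lowercase words joined by single hyphens.
var slugRe = regexp.MustCompile(`^[a-z0-9]+(-[a-z0-9]+)*$`)

// ValidatePost applies the same kind of rules the answer expresses with
// validate tags (nonzero, min=1), written by hand so the example has no
// external dependency. These rules are assumptions, not the question's.
func ValidatePost(p *Post) error {
	var problems []string
	if p.CreatorId < 1 {
		problems = append(problems, "CreatorId must be >= 1")
	}
	if strings.TrimSpace(p.Title) == "" {
		problems = append(problems, "Title must not be empty")
	}
	if strings.TrimSpace(p.Content) == "" {
		problems = append(problems, "Content must not be empty")
	}
	if !slugRe.MatchString(p.Url) {
		problems = append(problems, "Url must be a lowercase slug")
	}
	if len(problems) > 0 {
		return errors.New(strings.Join(problems, "; "))
	}
	return nil
}

// ProcessPost chains the three steps in the order the answer uses: decode,
// sanitize, validate. Only a post that passes all three should reach db.Create.
func ProcessPost(body string) (*Post, error) {
	p, err := DecodePost(body)
	if err != nil {
		return nil, err
	}
	Neutralize(p)
	if err := ValidatePost(p); err != nil {
		return nil, fmt.Errorf("validate post: %w", err)
	}
	return p, nil
}

func main() {
	p, err := ProcessPost(SamplePost)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println("stored title:", p.Title)
}
```

Escaping at input, as this stand-in does, stores `&lt;script&gt;` in the database; bluemonday's policy instead drops the tag and keeps only allowed markup. Either way the field that reaches db.Create no longer contains an executable tag, and the validation step runs on the cleaned value, so a title consisting only of a stripped tag would fail the nonzero check rather than be inserted empty.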