Our site has a few forms where we basically proxy data between our backbone UI and a remote 3rd party API. We do this because the remote API only works with XML, but our UI is backbone, so the RoR controller on those calls pretty much just converts the JSON for the form to XML for the remote API. So our stack looks like this:
Backbone.js Form (posts JSON) > Rails 3 controller (activeresource posts XML) > remote API
We want to prevent any embedded XSS from being sent to the remote APIs, as well as remove (or disable) any already existing XSS that might be in the XML coming from the remote APIs (there are a few different API endpoints we connect with).
Since it's not hard for someone with a rest client to post directly to our RoR controller actions, it seems like we would want to handle it there.
We would also like to abstract this functionality so we aren't individually maintaining each get/post action for each api call.
Does anyone know of a way to clean XSS in JSON and/or XML in Ruby/Rails/ActiveResource?
Thanks in advance
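One way to centralise the cleaning asked about above, as an added example that is not part of the original post: a recursive walker that HTML-escapes every string in a parsed JSON body (or in XML already converted to a Hash). The `DeepEscape` module, the `SAFE_KEY` rule and the sample payload are assumptions made for illustration; in Rails it would be called from a single controller filter rather than from each action.

```ruby
require 'cgi'
require 'json'

# Added example, not code from the original post.
module DeepEscape
  # Assumption: keys become XML element names downstream, so only plain names are allowed.
  SAFE_KEY = /\A[A-Za-z_][A-Za-z0-9_\-]*\z/

  module_function

  # Returns a copy of +value+ with every string leaf HTML-escaped.
  # Works on anything JSON.parse (or an XML-to-Hash conversion) produces.
  def call(value)
    case value
    when Hash
      value.each_with_object({}) do |(key, val), out|
        key = key.to_s
        raise ArgumentError, "unsafe key: #{key.inspect}" unless key =~ SAFE_KEY
        out[key] = call(val)
      end
    when Array  then value.map { |item| call(item) }
    when String then CGI.escapeHTML(value) # not idempotent: escape once, at one boundary
    else value # numbers, booleans and nil pass through unchanged
    end
  end
end

# Constructed sample payload, shaped like a JSON form post.
SAMPLE = JSON.parse('{"name":"<script>alert(1)</script>","tags":["a&b",7],"address":{"city":"Oslo"}}')

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(DeepEscape.call(SAMPLE))
end
```

Because the escape is not idempotent, data that passes through it in both directions is double-encoded, so it should run at exactly one boundary per field.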