forked from hidek/Catalyst-Plugin-HTML-Scrubber
Scrub body_data / data params too (e.g. POSTed JSON) #3
Merged: bigpresh merged 8 commits into master from bigpresh/scrub_deserialised_body_data_params, Sep 18, 2023
Commits on Sep 18, 2023
Scrub body_data params too (e.g. POSTed JSON)
If we have `$c->req->body_data` - for e.g. the request was a POST with a JSON body which Catalyst has decoded into `$c->req->body_data` - then scrub HTML in there too (but applying the same `ignore_params` checks so that you can exempt certain JSON body params from scrubbing).

Also moved the ignore_params tests into t/03_params.t, and added the tests for this new feature there too - don't need so many individual test apps, when most features can be tested with a single test app.
Commit cffe04c

Compare request statuses more usefully
Use `is()` not `ok()` so that, if the request status is *not* what we expect, we get to see what it actually was.
Commit 00393c8

Support scrubbing $c->req->data from C::Action::REST
If Catalyst::Action::REST / Catalyst::Controller::REST is in use, the request object will have a `data()` method for deserialised data as added by the Catalyst::TraitFor::Request::REST role which ought to be scrubbed too.

To support this,
(a) the scrubbing needs to happen later in the request flow - now hooking `dispatch()` instead of `prepare_parameters()`
(b) to avoid the data not being read if the request body had already been read by `$c->req->body_data`, the fix in this PR is needed: perl-catalyst/catalyst-runtime/pull/186

Until such time, dirtily monkey-patch the `seek()` in.
Commit 2b6ea03

This seems to be the right time to go scrubbing, without the scrubbed data getting accidentally clobbered, and/or happening too late.
Commit 222e5d5

Catalyst needs to be loaded for us to load.
Our monkey-patch pokes at Catalyst, so Catalyst needs to be loaded first. In the usual way of loading the plugin, e.g. listing the plugins you want on the `use Catalyst` line, that's fine, but here we're testing just that the plugin compiles, so we will need to load Catalyst first.
Commit c464756

Yes, we're redefining a sub, intentionally, to monkey-patch, so silence that warning.
Commit 5bd94a6

Commit d008d5e

Commit 4330290
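
The kind of recursive scrubbing of decoded body data that the first commit message describes, as an added example; this is not the plugin's own code. The `@ignore` list, the sample body, the rule that a matching key exempts its whole subtree, and the choice to leave numbers and booleans untouched are assumptions made for illustration; `HTML::Scrubber` is used with its default rules, which allow no tags.

```perl
use strict;
use warnings;
use HTML::Scrubber;
use JSON::PP;
use Scalar::Util qw(looks_like_number);

# Default HTML::Scrubber rules: no tags allowed, so markup is stripped.
my $scrubber = HTML::Scrubber->new;

# Constructed exemption list (exact names or regexes matched against hash keys).
my @ignore = ( 'raw_html', qr/_markup\z/ );

sub is_ignored {
    my ($key) = @_;
    return scalar grep { ref $_ eq 'Regexp' ? $key =~ $_ : $key eq $_ } @ignore;
}

# Recursively scrub every string leaf; returns the (modified) structure.
sub scrub_value {
    my ($value) = @_;
    if ( ref $value eq 'HASH' ) {
        for my $key ( keys %$value ) {
            next if is_ignored($key);    # assumption: exempts the whole subtree
            $value->{$key} = scrub_value( $value->{$key} );
        }
        return $value;
    }
    if ( ref $value eq 'ARRAY' ) {
        @$value = map { scrub_value($_) } @$value;
        return $value;
    }
    # Leave undef, other refs (e.g. JSON booleans) and numbers untouched,
    # so their types survive re-encoding.
    return $value if !defined $value || ref $value || looks_like_number($value);
    return $scrubber->scrub($value);
}

# Constructed sample of a decoded JSON request body.
my $body = decode_json(<<'JSON');
{ "title": "<b>Hello</b> world", "tags": ["<i>one</i>", "two"],
  "author": { "bio": "<script>alert(1)</script>Perl dev" },
  "raw_html": "<p>left as-is</p>", "count": 3, "ok": true }
JSON

print JSON::PP->new->canonical->pretty->encode( scrub_value($body) );
```

Walking nested hashes and arrays matters because a decoded JSON body is not a flat name/value list; scrubbing only top-level values would leave `author.bio` and the `tags` elements untouched.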