I have to send a POST request to some service with a JSON payload, and it includes some user input. That input variable needs to be JSON-encoded to prevent injection attacks.
Code example that sends requests and parses response JSON to RESP variable:
RESP=`curl --connect-timeout "10" -s -H "Content-Type: application/json" \
-X POST -d '{ "Attribute": '"'$USERINPUT'" }',\
$ENDPOINT | $JQ -r '.key'`
How to sanitize, or JSON encode, $USERINPUT before creating JSON payload?
Best Answer
Using the jo utility, the sanitized JSON document could be constructed using

You would then use -d "$data" with curl to pass this to the end point.

Old answer using jq instead of jo:

Using jq:

This string has a couple of double quotes, an EOT character, a newline, a tab and a single quote, along with some ordinary text.

This builds a JSON object containing the user data as the value for the lone Attribute field.

The same thing using short options:

From this we get

as the value in $data.

This can now be used in your call to curl:
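The approach described in the answer, as an added example that is not part of the original post: the payload is produced by a JSON encoder and only then passed to curl with -d "$data". The function names, the sample input and the python3 fallback for hosts without jq are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer): encode user input with a real
# JSON encoder instead of splicing it into a quoted string.

# json_payload VALUE -> prints {"Attribute":"<VALUE as a JSON string>"}
# Prefers jq; python3 is an assumed fallback when jq is not installed.
json_payload() {
    if command -v jq >/dev/null 2>&1; then
        # --arg binds the value as a string; it is never parsed as JSON or jq code
        jq -cn --arg attr "$1" '{Attribute: $attr}'
    elif command -v python3 >/dev/null 2>&1; then
        python3 -c 'import json, sys
print(json.dumps({"Attribute": sys.argv[1]}, separators=(",", ":"), ensure_ascii=False))' "$1"
    else
        echo "json_payload: need jq or python3" >&2
        return 1
    fi
}

# post_attribute ENDPOINT VALUE -> POSTs the encoded body (hypothetical wrapper).
# "data" is a global here because POSIX sh has no "local".
post_attribute() {
    data=$(json_payload "$2") || return 1
    curl --connect-timeout 10 -s -H 'Content-Type: application/json' \
         -X POST -d "$data" "$1"
}

# Constructed sample input: double quotes, EOT (0x04), newline, tab,
# a single quote and a backslash, mixed with ordinary text.
sample_input() {
    printf 'a "b" \004\n\t'\'' c\\d'
}

# Show the encoded payload for the sample; no network request is made here.
json_payload "$(sample_input)"
```

Every quote, backslash and control character in the input ends up escaped inside the one string value, so the input cannot close the string or add fields to the object.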