@dwaltrip
Last active November 14, 2016 00:14
Using filters to automatically add a string to JSON responses in order to prevent a certain type of XSS attack
class ApplicationController < ActionController::Base
  # Runs after every action (renamed after_action in Rails 4+). The prefix
  # ")]}',\n" is a JavaScript syntax error, so a JSON body loaded as a script
  # tag cannot execute; same-origin clients must strip it before JSON.parse.
  after_filter :protect_json

  private

  def protect_json
    if response.content_type == "application/json"
      response.body = ")]}',\n" + response.body
    end
  end
end
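The same guard written as a framework-independent Rack middleware, together with the client-side strip that a consumer needs before parsing. This is an added example, not the gist's code; the `JsonGuard` class, `strip_json_guard` helper and the sample app are assumptions for illustration.

```ruby
require 'json'

# The prefix from the gist: a JavaScript syntax error, harmless to JSON once stripped.
JSON_GUARD_PREFIX = ")]}',\n".freeze

# Rack-style middleware (hypothetical): env in, [status, headers, body] out.
class JsonGuard
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Compare only the media type so "application/json; charset=utf-8" is guarded too.
    media_type = headers['Content-Type'].to_s.split(';').first.to_s.strip
    return [status, headers, body] unless media_type == 'application/json'

    guarded = JSON_GUARD_PREFIX + body.join
    headers = headers.merge('Content-Length' => guarded.bytesize.to_s) if headers.key?('Content-Length')
    [status, headers, [guarded]]
  end
end

# Client side: a same-origin consumer removes the prefix before JSON.parse.
def strip_json_guard(body)
  body.start_with?(JSON_GUARD_PREFIX) ? body[JSON_GUARD_PREFIX.length..-1] : body
end

# Constructed sample apps: one JSON endpoint, one HTML page that must pass through untouched.
JSON_APP = lambda do |_env|
  [200, { 'Content-Type' => 'application/json; charset=utf-8', 'Content-Length' => '29' },
   [JSON.generate([{ 'email' => 'alice@example.com' }])]]
end
HTML_APP = ->(_env) { [200, { 'Content-Type' => 'text/html' }, ['<p>hello</p>']] }

# Run a request through the middleware and return the body as one string.
def body_through_guard(app, env = {})
  _status, _headers, body = JsonGuard.new(app).call(env)
  body.join
end

def parses_as_json?(text)
  JSON.parse(text)
  true
rescue JSON::ParserError
  false
end
```

The guarded body fails `JSON.parse` until the prefix is removed, which is exactly what a script-tag loader would hit as a syntax error.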