silverstripe-restfulapi
Do not return malformed parameters back to the user.
Returning malformed parameters in error-messages opens a door for XSS attacks. If the "model" or "ID" parameter contains malicious code and a developer displays error-messages in his application, there's the potential for an XSS attack.
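The before and after of this kind of change, as an added example that is not the module's own code: an error builder that reflects the "model" value, beside validation that answers with a fixed message. The function names, the allow-list and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list of models exposed by the API (not the module's real config).
const API_MODELS = ['Book', 'Author'];

/** Before: the raw "model" value from the request is copied into the error body. */
function errorReflecting(string $model): array
{
    return ['code' => 400, 'message' => "Model '$model' does not exist."];
}

/** After: fixed wording; $param is a name chosen by the code, never request data. */
function errorGeneric(string $param): array
{
    return ['code' => 400, 'message' => "Received malformed \"$param\" parameter."];
}

/** Validates "model" and "ID"; returns null when both are well formed. */
function validateRequest(string $model, string $id): ?array
{
    if (!in_array($model, API_MODELS, true)) {
        // Keep the offending value server-side only, JSON-encoded for the log.
        error_log('restfulapi: rejected model ' . json_encode($model));
        return errorGeneric('model');
    }
    if ($id !== '' && !ctype_digit($id)) {
        error_log('restfulapi: rejected ID ' . json_encode($id));
        return errorGeneric('ID');
    }
    return null;
}

// Constructed sample input standing in for markup supplied in the request.
$model = '<i>not-a-model</i>';

$before = errorReflecting($model);
$after  = validateRequest($model, '1');

// A client that inserts "message" into its page as HTML renders the markup
// carried by $before; $after contains nothing taken from the request.
echo json_encode($before), PHP_EOL;
echo json_encode($after), PHP_EOL;
var_dump(strpos($before['message'], '<i>') !== false);
var_dump(strpos($after['message'], '<i>') !== false);
```

Clients that display API error messages should still insert them as text rather than HTML, since the server-side change only removes one source of untrusted markup.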