libwebsockets
Lightweight C library for HTML5 websockets
Sanitize / purify SQL and JSON helpers

Functions

LWS_VISIBLE LWS_EXTERN const char * lws_sql_purify (char *escaped, const char *string, int len)
 
LWS_VISIBLE LWS_EXTERN const char * lws_json_purify (char *escaped, const char *string, int len)
 
LWS_VISIBLE LWS_EXTERN void lws_filename_purify_inplace (char *filename)
 
LWS_VISIBLE LWS_EXTERN int lws_plat_write_cert (struct lws_vhost *vhost, int is_key, int fd, void *buf, int len)
 
LWS_VISIBLE LWS_EXTERN int lws_plat_write_file (const char *filename, void *buf, int len)
 
LWS_VISIBLE LWS_EXTERN int lws_plat_read_file (const char *filename, void *buf, int len)
 
LWS_VISIBLE LWS_EXTERN int lws_plat_recommended_rsa_bits (void)
 

Detailed Description

Sanitize / purify SQL and JSON helpers

APIs for escaping untrusted JSON and SQL safely before use

Function Documentation

◆ lws_filename_purify_inplace()

LWS_VISIBLE LWS_EXTERN void lws_filename_purify_inplace ( char *  filename)

#include <include/libwebsockets/lws-purify.h>

lws_filename_purify_inplace() - replace scary filename chars with underscore

Parameters
filenamefilename to be purified

Replace scary characters in the filename (it should not be a path) with underscore, so it's safe to use.

◆ lws_json_purify()

LWS_VISIBLE LWS_EXTERN const char* lws_json_purify ( char *  escaped,
const char *  string,
int  len 
)

#include <include/libwebsockets/lws-purify.h>

lws_json_purify() - like strncpy but with escaping for json chars

Parameters
escapedoutput buffer
stringinput buffer ('/0' terminated)
lenoutput buffer max length

Because escaping expands the output string, it's not possible to do it in-place, ie, with escaped == string

◆ lws_sql_purify()

LWS_VISIBLE LWS_EXTERN const char* lws_sql_purify ( char *  escaped,
const char *  string,
int  len 
)

#include <include/libwebsockets/lws-purify.h>

lws_sql_purify() - like strncpy but with escaping for sql quotes

Parameters
escapedoutput buffer
stringinput buffer ('/0' terminated)
lenoutput buffer max length

Because escaping expands the output string, it's not possible to do it in-place, ie, with escaped == string