-
Notifications
You must be signed in to change notification settings - Fork 66
/
Copy pathinput.go
43 lines (39 loc) · 1004 Bytes
/
input.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
// Copyright 2015, Yahoo Inc. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package webseclab
import (
"net/http"
"strings"
)
// ParseRawQuery is copied from net/url parseQuery
// but without unescaping keys/values.
func ParseRawQuery(m map[string][]string, query string) {
for query != "" {
key := query
if i := strings.Index(key, "&"); i >= 0 {
key, query = key[:i], key[i+1:]
} else {
query = ""
}
if key == "" {
continue
}
value := ""
if i := strings.Index(key, "="); i >= 0 {
key, value = key[:i], key[i+1:]
}
m[key] = append(m[key], value)
}
}
// Input extracts the escaped and "raw" values of in parameters
func Input(r *http.Request) *InData {
rawParams := make(map[string][]string)
ParseRawQuery(rawParams, r.URL.RawQuery)
input := InData{In: r.FormValue("in")}
inputRaw, ok := rawParams["in"]
if ok && len(inputRaw) > 0 {
input.InRaw = inputRaw[0]
}
return &input
}