Skip to content

Add JSON sanitization for user input before API calls #83

Description

@sfloess

Part of #21: MEDIUM: No input validation before API calls

Scope

Ensure user-provided text is properly sanitized/escaped before being embedded in JSON request bodies sent to AI APIs.

What to do

  • Audit how user messages are embedded into JSON request bodies in each AI client
  • Ensure proper JSON string escaping (control characters, quotes, backslashes, Unicode)
  • Use a JSON library (e.g., Jackson, Gson, org.json) for request construction rather than string concatenation
  • Handle encoding edge cases (invalid UTF-8 sequences, BOM characters)

Acceptance criteria

  • User messages with special characters (quotes, backslashes, newlines, Unicode) are correctly escaped
  • No malformed JSON is sent to any API
  • JSON construction uses a library, not string concatenation
  • Unit tests cover edge cases (emoji, multi-byte characters, control chars)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions