Validate RPC method for XSS

[madhav165]

🐛 Bug-fix PR

---

📌 Summary

RPC request method will be validated to check for XSS issues and method being part of valid characters

🐞 Root Cause

No validator for RPC request

💡 Fix Description

1. Using schemas.py RPCRequest validator to validate method
2. Included XSS validation in addition to character validation for RPCRequest method

🧪 Verification

Check	Command	Status
Unit tests	make test	pass

📐 MCP Compliance (if relevant)

• Matches current MCP spec
• No breaking change to MCP clients

✅ Checklist

• Code formatted (make black isort pre-commit)
• No secrets/credentials committed

[crivetimihai]

filter worked, passed doctest test

[crivetimihai]

Trips up on t his:

18:29:31 - root - INFO - :outbox_tray: RPC request: {
  "jsonrpc": "2.0",
  "id": 1,
  "method": "smoketest-time-server-get-current-time",
  "params": {
    "timezone": "Europe/Dublin"
  }
}
18:29:32 - root - INFO - → POST /rpc 422 17 ms
18:29:32 - root - INFO - :inbox_tray: RPC response: {
  "message": "Method invalid"
}
18:29:32 - root - ERROR - :x:  Failure: Missing 'content' in tool response. Got: {'message': 'Method invalid'}
Traceback (most recent call last):
  File "/home/cmihai/github/mcp-context-forge/./smoketest.py", line 585, in main
    fn()
  File "/home/cmihai/github/mcp-context-forge/./smoketest.py", line 465, in step_8_invoke_tool
    raise RuntimeError(f"Missing 'content' in tool response. Got: {result}")
RuntimeError: Missing 'content' in tool response. Got: {'message': 'Method invalid'}

[madhav165]

@crivetimihai Will rebase after PR #618 is merged and test this.

[madhav165]

@crivetimihai Fixed the issue with smoketest. Looks like methods with - were not being allowed.

[crivetimihai]

OK, are we good to merge this then?