1 files changed, 13 insertions, 11 deletions

diff --git a/stdlib/source/lux/world/net/http/route.lux b/stdlib/source/lux/world/net/http/route.lux
index 188508a5d..e430b9739 100644
--- a/stdlib/source/lux/world/net/http/route.lux
+++ b/stdlib/source/lux/world/net/http/route.lux
@@ -3,7 +3,9 @@
    [control
     [monad (#+ do)]
     [concurrency
-     ["." promise]]]
+     ["." promise]]
+    [security
+     ["." taint]]]
    [data
     ["." maybe]
     ["." text ("text/." Equivalence<Text>)]]]
@@ -15,7 +17,7 @@
   [(def: #export (<name> server)
      (-> Server Server)
      (function (_ request)
-       (let [[identification protocol resource message] request]
+       (let [[identification protocol resource message] (taint.trust request)]
          (case (get@ #//.scheme protocol)
            <scheme>
            (server request)
@@ -31,7 +33,7 @@
   [(def: #export (<name> server)
      (-> Server Server)
      (function (_ request)
-       (let [[identification protocol resource message] request]
+       (let [[identification protocol resource message] (taint.trust request)]
          (case (get@ #//.method resource)
            <method>
            (server request)
@@ -53,7 +55,7 @@
 (def: #export (uri path server)
   (-> URI Server Server)
   (function (_ request)
-    (let [[identification protocol resource message] request]
+    (let [[identification protocol resource message] (taint.trust request)]
       (if (text/= path (get@ #//.uri resource))
         (server request)
         (promise.resolved //response.not-found)))))
@@ -61,14 +63,14 @@
 (def: #export (sub path server)
   (-> URI Server Server)
   (function (_ request)
-    (let [[identification protocol resource message] request]
+    (let [[identification protocol resource message] (taint.trust request)]
       (if (text.starts-with? path (get@ #//.uri resource))
-        (server [identification
-                 protocol
-                 (update@ #//.uri
-                          (|>> (text.clip' (text.size path)) maybe.assume)
-                          resource)
-                 message])
+        (server (taint.taint [identification
+                              protocol
+                              (update@ #//.uri
+                                       (|>> (text.clip' (text.size path)) maybe.assume)
+                                       resource)
+                              message]))
         (promise.resolved //response.not-found)))))
 
 (def: #export (or primary alternative)