Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →

disinfect

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

disinfect

Request query, payload, and params sanitization

2.0.0
latest
Source
npm

Version published: 2 years ago

Maintainers: 1

Created: 8 years ago

Source

disinfect

Hapi plugin to apply Google's Caja HTML Sanitizer on route query, payload, and params.

Capable for custom sanitization and per-route configuration.
Can also be used for input formatting using the custom sanitizer option.
Can be disabled per route.

Usage

const registerPlugins = async (server) => Promise.all([
    server.register({
        plugin: require('disinfect'),
        options: {
            disinfectQuery: true,
            disinfectParams: true,
            disinfectPayload: true
        }
    })
]);

registerPlugins(server)
    .then(() => {
        // ...
    })
    .catch((err) => {
        // ...
    })

Glue manifest

register: {
    plugins: [
        {
            plugin: require('disinfect'),
            options: {
                disinfectQuery: true,
                disinfectParams: true,
                disinfectPayload: true
            }
        }
    ]
}

Options

deleteEmpty - remove empty query or payload keys.
deleteWhitespace - remove whitespace query, payload, or params keys.
disinfectQuery - sanitize query strings.
disinfectParams - sanitize url params.
disinfectPayload - sanitize payload.
genericSanitizer - custom synchronous function to do the sanitization of query, payload, and params.
querySanitizer - custom synchronous function to do the sanitization of query strings.
paramsSanitizer - custom synchronous function to do the sanitization of url params.
payloadSanitizer - custom synchronous function to do the sanitization of payload.

deleteEmpty and deleteWhitespace defaults to false.

disinfectQuery, disinfectParams, and disinfectPayload defaults to false. If set to true, object will be passed to caja first before custom sanitizers.

dirtyObject ->`Caja` sanitizer -> `genericSanitizer` -> `query-`, `params-`, or `payload-` sanitizer -> deleteWhitespace -> deleteEmpty -> cleanObject.

genericSanitizer, querySanitizer, paramsSanitizer, and payloadSanitizer should be in the following format:

const customSanitizer = (dirtyObj) => {
    // ...
    return cleanObj;
}

All options can be passed on a per-route basis. Route options overrides server options.

// example
{
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        ...
    },
    options: {
        plugins: {
            disinfect: {
                disinfectQuery: true,
                disinfectParams: false,
                disinfectPayload: true
            }
        }
    }
}

Disable on a route.

{
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        ...
    },
    options: {
        plugins: {
            disinfect: false
        }
    }
}

Contributing

Include 100% test coverage
Follow the Hapi coding conventions
Submit an issue first for significant changes.

Credits

hapi-sanitize-payload - Hapi plugin to sanitize the request payload
Caja-HTML-Sanitizer - Bundles Google Caja's HTML Sanitizer within a npm installable node.js module

Keywords

FAQs

What is disinfect?

Is disinfect well maintained?

Package last updated on 03 Nov 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

disinfect

disinfect

Usage

Options

Contributing

Credits

Keywords

Related posts

PyPI Introduces Digital Attestations to Strengthen Python Package Security

GitHub Removes Malicious Pull Requests Targeting Open Source Repositories