express-mongo-sanitize - npm Package Versions

[2.2.0] - 2022-01-14

Added

• New config option:
  • allowDots boolean: if set, allows dots in the user-supplied data #41

Fixed

• Prevent null pointer exception when using dryRun option #88

[2.1.0] - 2021-05-11

Added

• New config options:
  • onSanitize callback: this will be called after the request's value was sanitized, with two named parameters: the key that was sanitized, and the raw req object.
  • dryRun boolean: if set, sanitization will not take place. Useful when combined with onSanitize to report on the keys which would have been sanitized.
• TypeScript types
• Official support for node v16.

[2.0.2] - 2021-01-07

Fixed

• Fixed a prototype pollution security vulnerability. #34

Updated

• Update dependencies.

[2.0.1] - 2020-12-02

Updated

• Update dependencies and test against node 14.

Changed

• Use ESLint instead of JSHint for code linting.
• Use GitHub Actions for CI instead of Travis.

[2.0.0] - 2020-03-25

Added / Breaking

• Support sanitization of headers. #5

Note that if you weren't previously expecting headers to be sanitized, this is considered a breaking change.

Breaking

• Drop support for node versions < 10.

[1.3.2] - 2017-01-12

Fixed

• Fixed an issue when using the sanitizer in the node REPL. #3

[1.3.1] - 2017-01-12

Fixed

• Fixed an issue with objects containing prohibited keys nested inside other objects with prohibited keys. #2
• Added a more robust check for plain objects.

[1.3.0] - 2016-01-15

Added

• A new function has, which checks whether a passed object/array contains any keys with prohibited characters.

[1.2.0] - 2016-01-13

Added

• A new option replaceWith which can be used to replace offending characters in a key. This is an alternative to removing the data from the payload.

[1.1.0] - 2016-01-13

Added

• The middleware also now sanitizes keys with a .. This is in line with Mongo's reserved operators.