Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
hapi-sanitize-payload
Advanced tools
hapi-sanitize-payload
A plugin to recursively sanitize or prune values in a request.payload object.
Currently uses the following rules:
- Removes null characters (ie.
\0) from string values - Deletes from the payload keys with a value of empty string (ie.
''), or optionally replaces them with a different value - Deletes from the payload keys with a value consisting entirely of whitespace (ie.
' \t\n '), or optionally replaces them with a different value - Deletes whitespace from ends of string (ie.
' text 'becomes'text') - Optionally deletes/replaces
nullvalues
Registering the plugin
const registerPlugins = async (server) => {
await server.register([
{ plugin: require('hapi-sanitize-payload'), options: { pruneMethod: 'delete' } }
]);
};
Options
enabled- whether or not the plugin is enabled.pruneMethod- the method the sanitizer uses when a value that is to be pruned is encountered. Defaults to'delete'. The value must be one of:'delete'- the key will be removed from the payload entirely (ie.{ a: '', b: 'b' }:arrow_right:{ b: 'b' }).'replace'- the key will be preserved, but its value will be replaced with the value ofreplaceValue.
replaceValue- valid only whenpruneMethodis set to'replace', this value will be used as the replacement of any pruned values (ie. if configured asnull, then{ a: '', b: 'b' }:arrow_right:{ a: null, b: 'b' }).stripNull- a boolean value to signify whether or notnullproperties should be pruned with the samepruneMethodandreplaceValueas above. Defaults tofalse.fieldOverrides- an object where each key is a property and its value is an object of options (pruneMethod,replaceValue, andstripNull). The options value overrides the default options for that given property.nestedOverrides- an object where each key is a property and its value is an object of options (pruneMethod,replaceValue, andstripNull). The options value overrides the default options applied to the nested object of that property. The default options for that property are considered the options after the fieldOverrides are applied.
Each of the above options can be configured on a route-by-route basis via the sanitize plugin object.
const registerRoutes = (server) => {
server.route({
method: 'POST',
path: '/users',
handler: () => {
// handler logic
},
options: {
plugins: {
sanitize: { enabled: false }
}
}
});
};
Setting up the server.
(async () => {
try {
const server = new Hapi.Server();
await registerPlugins(server);
registerRoutes(server);
await server.start();
} catch (err) {
// Insert your preferred error handling here...
}
)();
Keywords
FAQs
Hapi plugin to sanitize the request payload
We found that hapi-sanitize-payload demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 35 open source maintainers collaborating on the project.
Package last updated on 10 Jun 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025