🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more

mongo-sanitize

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

mongo-sanitize

Helper to sanitize mongodb queries against query selector injections

1.1.0
latest
Version published
Weekly downloads
20K
1.03%
Maintainers
1
Weekly downloads
 
Created

mongo-sanitize

For the passionately lazy, a standalone module that sanitizes inputs against query selector injection attacks:

var sanitize = require('mongo-sanitize');

// The sanitize function will strip out any keys that start with '$' in the input,
// so you can pass it to MongoDB without worrying about malicious users overwriting
// query selectors.
var clean = sanitize(req.params.username);

Users.findOne({ name: clean }, function(err, doc) {
  // ...
});

If sanitize() is passed an object, it will mutate the original object.

FAQs

Package last updated on 02 Mar 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts