Installation
npm i --save scorpion4dev-express-autosanitizer
Usage
Import the module with this declaration at the top of the file:
const sanitizer = require('scorpion4dev-express-autosanitizer')
Mount the middleware
const options = {
body: Boolean,
params: Boolean,
query: Boolean,
cookies: Boolean,
headers: Boolean,
escapeHtml: Boolean,
replaceOriginal: Boolean,
replaceCustomValue: Object,
sanitizerFunction: Function
}
app.use(sanitizer(options))
Note: if you use the body or cookies option, mount the sanitizer after the body-parser/cookie-parser middleware and before your route declarations; otherwise req.body and req.cookies are not yet populated when the sanitizer runs and nothing is sanitized.
Output
After the middleware has processed the input, the original version stays in its original place (req.body, req.query, ...) and the safe version is stored under req.sanitized.
app.get('/', (req, res) => {
  console.log(req.sanitized.query.exampleParam) // sanitized copy
  console.log(req.query.exampleParam)           // original, untouched
})
Example for the replaceCustomValue option
...
const options = {
replaceCustomValue: {
'$null': null
}
}
...
app.get('/', (req, res) => {
  console.log(req.query.exampleParam)           // original, untouched
  console.log(req.sanitized.query.exampleParam) // sanitized copy
})