scorpion4dev-express-autosanitizer
Advanced tools
Readme
npm i --save scorpion4dev-express-autosanitizer
Import the module with this declaration at the top of the file:
const sanitizer = require('scorpion4dev-express-autosanitizer')
Mount the middleware
const options = {
body: Boolean, // default is true
params: Boolean, // default is true
query: Boolean, // default is true
cookies: Boolean, // default is false
headers: Boolean, // default is false
escapeHtml: Boolean, // default is false
replaceOriginal: Boolean, // will replace the dangerous input
replaceCustomValue: Object, // will replace input string with custom value
sanitizerFunction: Function // use your personnal sanitizing algorithm
}
app.use(sanitizer(options))
Note: if you use the body option, make sure you mount the sanitizer between the body-parser/cookie-parser middleware and your routes declaration.
After the middleware has processed the input, the original version will be stored in the original place and the safe version will be stored in req.sanitized.
app.get('/', (req, res) => {
console.log(req.sanitized.query.exampleParam) // safe and sanitized
console.log(req.query.exampleParam) // potentially dangerous
})
Example for the replaceCustomValue option
...
const options = {
replaceCustomValue: {
'$null': null
}
}
...
app.get('/', (req, res) => {
console.log(req.query.exampleParam) // assume the output is "$null"
console.log(req.sanitized.query.exampleParam) // output will be replace by null
})
FAQs
automatic sanitization of req body fields, params and query. automatically does sanitization and escaping as middleware.
The npm package scorpion4dev-express-autosanitizer receives a total of 1 weekly downloads. As such, scorpion4dev-express-autosanitizer popularity was classified as not popular.
We found that scorpion4dev-express-autosanitizer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.