Wondering what’s next for npm?Check out our public roadmap! »

disinfect

1.1.0 • Public • Published

disinfect

Build Status Coverage Status Code Climate NPM Version NPM Downloads
Dependency Status Known Vulnerabilities

Hapi plugin to apply Google's Caja HTML Sanitizer on route query, payload, and params.

  • Capable for custom sanitization and per-route configuration.
  • Can also be used for input formatting using the custom sanitizer option.
  • Can be disabled per route.

Usage

const registerPlugins = async (server) => Promise.all([
    server.register({
        plugin: require('disinfect'),
        options: {
            disinfectQuery: true,
            disinfectParams: true,
            disinfectPayload: true
        }
    })
]);
 
registerPlugins(server)
    .then(() => {
        // ...
    })
    .catch((err) => {
        // ...
    })
 

Glue manifest

register: {
    plugins: [
        {
            plugin: require('disinfect'),
            options: {
                disinfectQuery: true,
                disinfectParams: true,
                disinfectPayload: true
            }
        }
    ]
}

Options

  • deleteEmpty - remove empty query or payload keys.
  • deleteWhitespace - remove whitespace query, payload, or params keys.
  • disinfectQuery - sanitize query strings.
  • disinfectParams - sanitize url params.
  • disinfectPayload - sanitize payload.
  • genericSanitizer - custom synchronous function to do the sanitization of query, payload, and params.
  • querySanitizer - custom synchronous function to do the sanitization of query strings.
  • paramsSanitizer - custom synchronous function to do the sanitization of url params.
  • payloadSanitizer - custom synchronous function to do the sanitization of payload.

deleteEmpty and deleteWhitespace defaults to false.

disinfectQuery, disinfectParams, and disinfectPayload defaults to false. If set to true, object will be passed to caja first before custom sanitizers.

dirtyObject ->`Caja` sanitizer -> `genericSanitizer` -> `query-`, `params-`, or `payload-` sanitizer -> deleteWhitespace -> deleteEmpty -> cleanObject.

genericSanitizer, querySanitizer, paramsSanitizer, and payloadSanitizer should be in the following format:

const customSanitizer = (dirtyObj) => {
    // ...
    return cleanObj;
}

All options can be passed on a per-route basis. Route options overrides server options.

// example
{
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        ...
    },
    options: {
        plugins: {
            disinfect: {
                disinfectQuery: true,
                disinfectParams: false,
                disinfectPayload: true
            }
        }
    }
}

Disable on a route.

{
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        ...
    },
    options: {
        plugins: {
            disinfect: false
        }
    }
}

Contributing

Credits

Install

npm i disinfect

DownloadsWeekly Downloads

481

Version

1.1.0

License

MIT

Unpacked Size

10.8 kB

Total Files

4

Last publish

Collaborators

  • avatar