npm
Sign UpSign In

disinfect

2.0.0 • Public • Published

disinfect

Build Status Coverage Status NPM Version NPM Downloads Code Climate Known Vulnerabilities

Hapi plugin to apply Google's Caja HTML Sanitizer on route query, payload, and params.

  • Capable for custom sanitization and per-route configuration.
  • Can also be used for input formatting using the custom sanitizer option.
  • Can be disabled per route.

Usage

const registerPlugins = async (server) => Promise.all([
    server.register({
        plugin: require('disinfect'),
        options: {
            disinfectQuery: true,
            disinfectParams: true,
            disinfectPayload: true
        }
    })
]);

registerPlugins(server)
    .then(() => {
        // ...
    })
    .catch((err) => {
        // ...
    })

Glue manifest

register: {
    plugins: [
        {
            plugin: require('disinfect'),
            options: {
                disinfectQuery: true,
                disinfectParams: true,
                disinfectPayload: true
            }
        }
    ]
}

Options

  • deleteEmpty - remove empty query or payload keys.
  • deleteWhitespace - remove whitespace query, payload, or params keys.
  • disinfectQuery - sanitize query strings.
  • disinfectParams - sanitize url params.
  • disinfectPayload - sanitize payload.
  • genericSanitizer - custom synchronous function to do the sanitization of query, payload, and params.
  • querySanitizer - custom synchronous function to do the sanitization of query strings.
  • paramsSanitizer - custom synchronous function to do the sanitization of url params.
  • payloadSanitizer - custom synchronous function to do the sanitization of payload.

deleteEmpty and deleteWhitespace defaults to false.

disinfectQuery, disinfectParams, and disinfectPayload defaults to false. If set to true, object will be passed to caja first before custom sanitizers.

dirtyObject ->`Caja` sanitizer -> `genericSanitizer` -> `query-`, `params-`, or `payload-` sanitizer -> deleteWhitespace -> deleteEmpty -> cleanObject.

genericSanitizer, querySanitizer, paramsSanitizer, and payloadSanitizer should be in the following format:

const customSanitizer = (dirtyObj) => {
    // ...
    return cleanObj;
}

All options can be passed on a per-route basis. Route options overrides server options.

// example
{
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        ...
    },
    options: {
        plugins: {
            disinfect: {
                disinfectQuery: true,
                disinfectParams: false,
                disinfectPayload: true
            }
        }
    }
}

Disable on a route.

{
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        ...
    },
    options: {
        plugins: {
            disinfect: false
        }
    }
}

Contributing

Credits

Dependencies (4)

Dev Dependencies (4)

Package Sidebar

Install

npm i disinfect

Repository

github.com/genediazjr/disinfect

Homepage

github.com/genediazjr/disinfect#readme

Weekly Downloads

399

Version

2.0.0

License

MIT

Unpacked Size

10.9 kB

Total Files

4

Last publish

Collaborators

  • genediazjr
Try on RunKit
Report malware