scorpion4dev-express-autosanitizer

1.0.9 • Public • Published

Installation

npm i --save scorpion4dev-express-autosanitizer

Usage

Import the module with this declaration at the top of the file:

const sanitizer = require('scorpion4dev-express-autosanitizer')

Mount the middleware

const options = {
  body: Boolean, // default is true
  params: Boolean, // default is true
  query: Boolean, // default is true
  cookies: Boolean, // default is false
  headers: Boolean, // default is false
  escapeHtml: Boolean, // default is false
  replaceOriginal: Boolean, // will replace the dangerous input
  replaceCustomValue: Object, // will replace input string with custom value
  sanitizerFunction: Function // use your personal sanitizing algorithm
}
app.use(sanitizer(options))

Note: if you use the body option, make sure you mount the sanitizer between the body-parser/cookie-parser middleware and your route declarations.

Output

After the middleware has processed the input, the original version will be stored in the original place and the safe version will be stored in req.sanitized.

app.get('/', (req, res) => {
  console.log(req.sanitized.query.exampleParam) // safe and sanitized
  console.log(req.query.exampleParam) // potentially dangerous
})

Example for the replaceCustomValue option

...
const options = {
  replaceCustomValue: {
    '$null': null
  }
}
...

app.get('/', (req, res) => {
  console.log(req.query.exampleParam) // assume the output is "$null"
  console.log(req.sanitized.query.exampleParam) // output will be replaced by null
})
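The following is an added stand-in for the middleware described above, not the package's own source: the option semantics (defaults, replaceCustomValue, escapeHtml, sanitizerFunction, replaceOriginal) are inferred from this README so they can be exercised offline without Express or the module installed; the precedence between the options is an assumption.

```javascript
// Added stand-in for the middleware described above (not the package's own
// source): option semantics are inferred from this README so they can be
// exercised offline without Express or the module installed.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

function sanitizeValue(value, opts) {
  // Assumed precedence: custom replacement table, then user function, then escaping.
  if (typeof value === 'string' && opts.replaceCustomValue &&
      Object.prototype.hasOwnProperty.call(opts.replaceCustomValue, value)) {
    return opts.replaceCustomValue[value];
  }
  if (typeof opts.sanitizerFunction === 'function') return opts.sanitizerFunction(value);
  if (opts.escapeHtml && typeof value === 'string') return escapeHtml(value);
  return value;
}

function sanitizeObject(obj, opts) {
  // Walk nested objects and arrays so deep query/body structures are covered.
  if (obj === null || typeof obj !== 'object') return sanitizeValue(obj, opts);
  const out = Array.isArray(obj) ? [] : {};
  for (const key of Object.keys(obj)) out[key] = sanitizeObject(obj[key], opts);
  return out;
}

function autosanitizer(options = {}) {
  const opts = { body: true, params: true, query: true, cookies: false, headers: false, ...options };
  return function (req, res, next) {
    req.sanitized = {};
    for (const src of ['body', 'params', 'query', 'cookies', 'headers']) {
      if (!opts[src] || req[src] === undefined) continue;
      req.sanitized[src] = sanitizeObject(req[src], opts);
      // Without replaceOriginal the raw input stays in place: handlers must read req.sanitized.
      if (opts.replaceOriginal) req[src] = req.sanitized[src];
    }
    next();
  };
}

// Constructed request (not a real capture): one HTML payload and one "$null" token.
function demo() {
  const req = { query: { name: '<b onclick=x>hi</b>', id: '$null' }, headers: { h: '<x>' } };
  autosanitizer({ escapeHtml: true, replaceCustomValue: { '$null': null } })(req, {}, () => {});
  return req;
}
```

Note that headers are left untouched by default and that req.query still holds the raw markup after the call, which is why handlers should read from req.sanitized unless replaceOriginal is set.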

License

MIT

Collaborators

  • scorpion4dev