express-autosanitizer
Automatic sanitization of req body, params and query strings. uses caja. automatically does sanitization and escaping as middleware.
If this does make your life easier, please consider making a donation to my Patreon. 🤝
important note: do not use with large amounts of input, it might overflow. it goes through the fields recursively. in that case, use singular sanitization instead.
Install
npm i -S express-autosanitizer
Usage
Import
const expAutoSan = ;
important note: if you intend to use it with app.use(), mount the middleware below the express.json()
(or bodyParser()
) instantiation
Use middleware everywhere (safe):
writes sanitized data to req.autosan (req.autosan.body, req.autosan.params, req.autosan.query)
app; // Mount hereapp; app;
Use middleware everywhere (UNSAFE):
writes sanitized data to req, mutes req object so it might cause problems. p.s: this is to apply sanitization for lazy people like me.
app; // Mount hereapp; //no extra middleware neededapp;
Use middleware for a route (safe):
writes sanitized data to req.autosan (req.autosan.body, req.autosan.params, req.autosan.query)
//use the middlewareapp;
Use middleware for a route (UNSAFE):
writes sanitized data to req (req.body, req.params, req.query)
//use different middlewareapp;
Use as function (safe):
app;
What it does
When you use it on a field or a route, it will remove all script tags, and escape html characters. this improves security in your app.
Caveats
This module uses "sanitizer" module, the sanitization logic is done in that package, review the package yourself. This package goes over the data recursively, it is your duty to be wise enough not to use data that will crash it, you should be fine for most cases (forms, ajax apps, api etc).
License
Copyright (c) 2019 Antonio Ramirez sepehralizade@live.com, MIT License