Rsi-mongo-sanitize NPM

rsi-mongo-sanitize

Extends mongo-sanitize which sanitizes inputs against query selector injection attacks to allow RSI query parameters

import { sanitize } from "rsi-mongo-sanitize";

// The sanitize function will strip out any keys that start with '$' in the input,
// except those which are special RSI query parameters
// so you can pass it to MongoDB without worrying about malicious users overwriting
// query selectors.

const clean = sanitize(req.params.username);

Users.findOne({ name: clean }, function(err, doc) {
  // ...
});

var sanitize = require('rsi-mongo-sanitize');

var clean = sanitize.sanitize(req.params.username);

Users.findOne({ name: clean }, function(err, doc) {
  // ...
});

If sanitize() is passed an object, it will mutate the original object.

rsi mongodb sanitize query selector injection

@infinitebrahmanuniverse/nolb-rsi @everything-registry/sub-chunk-2688

1.0.1

3 years ago