Date: 2020-03-09

Hapi plugin to apply Google's Caja HTML Sanitizer on route query, payload, and params.
```js
// `server` is an existing hapi server instance.
const registerPlugins = async (server) => Promise.all([
    server.register({
        plugin: require('disinfect'),
        options: {
            disinfectQuery: true,
            disinfectParams: true,
            disinfectPayload: true
        }
    })
]);

registerPlugins(server)
    .then(() => {
        // ...
    })
    .catch((err) => {
        // ...
    });
```
Glue manifest

```js
// The `register` section of a Glue manifest.
const manifest = {
    register: {
        plugins: [
            {
                plugin: require('disinfect'),
                options: {
                    disinfectQuery: true,
                    disinfectParams: true,
                    disinfectPayload: true
                }
            }
        ]
    }
};
```
`deleteEmpty` and `deleteWhitespace` default to `false`.

`disinfectQuery`, `disinfectParams`, and `disinfectPayload` default to `false`. If set to `true`, the object is passed to Caja first, before any custom sanitizers.

The order of processing is:

dirtyObject -> `Caja` sanitizer -> `genericSanitizer` -> `query-`, `params-`, or `payload-` sanitizer -> deleteWhitespace -> deleteEmpty -> cleanObject.

`genericSanitizer`, `querySanitizer`, `paramsSanitizer`, and `payloadSanitizer` should be in the following format:
```js
const customSanitizer = (dirtyObj) => {
    // Build the sanitized object from dirtyObj here ...
    const cleanObj = { ...dirtyObj };
    return cleanObj;
};
```
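
A fuller sanitizer in the `(dirtyObj) => cleanObj` format, as an added example that is not part of the plugin's own code. It could be passed as the `genericSanitizer` option; the blocked key names, length cap and depth limit are illustrative assumptions.

```javascript
// Added example, not from the disinfect project. Limits below are assumed values.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_STRING_LENGTH = 1024;
const MAX_DEPTH = 8;

// Normalize Unicode, strip control characters (tab, LF and CR are kept), cap length.
const cleanString = (value) =>
    value
        .normalize('NFKC')
        .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, '')
        .slice(0, MAX_STRING_LENGTH);

// Walk query/params/payload recursively and build a new object (input is not mutated).
const cleanValue = (value, depth) => {
    if (typeof value === 'string') return cleanString(value);
    if (value === null || typeof value !== 'object') return value;
    if (depth >= MAX_DEPTH) return undefined; // drop structures nested too deeply
    if (Array.isArray(value)) return value.map((item) => cleanValue(item, depth + 1));

    const clean = {};
    for (const key of Object.keys(value)) {
        // Check the key after normalization so look-alike spellings are caught too.
        const cleanKey = cleanString(key);
        if (BLOCKED_KEYS.has(cleanKey)) continue; // avoid prototype pollution downstream
        clean[cleanKey] = cleanValue(value[key], depth + 1);
    }
    return clean;
};

// Same shape as customSanitizer above: takes the dirty object, returns the clean one.
const genericSanitizer = (dirtyObj) => cleanValue(dirtyObj, 0);
```

Because this runs after Caja in the documented order, it only has to handle what an HTML sanitizer does not: key names, control characters and oversized or deeply nested input.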
All options can be passed on a per-route basis. Route options override server options.
```js
// Example: per-route options
server.route({
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        // ...
    },
    options: {
        plugins: {
            disinfect: {
                disinfectQuery: true,
                disinfectParams: false,
                disinfectPayload: true
            }
        }
    }
});
```
Disable on a route:

```js
server.route({
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        // ...
    },
    options: {
        plugins: {
            // Turns the plugin off for this route only.
            disinfect: false
        }
    }
});
```