mongo-sanitize

A super-simple no-dependency defense against query selector injection attacks: http://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html

by Valeri Karpov

Version: 1.1.0 | License: MIT | TypeScript: DefinitelyTyped
npm i mongo-sanitize

For the passionately lazy, a standalone module that sanitizes inputs against query selector injection attacks:

var sanitize = require('mongo-sanitize');

// The sanitize function will strip out any keys that start with '$' in the input,
// so you can pass it to MongoDB without worrying about malicious users overwriting
// query selectors.
var clean = sanitize(req.params.username);

Users.findOne({ name: clean }, function(err, doc) {
  // ...
});

If sanitize() is passed an object, it will mutate the original object.
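
The effect of stripping '$' keys on a query filter, shown on a constructed request body (an added example, not code from the mongo-sanitize module). `stripDollarKeys`, `matches` and `findOne` are hypothetical stand-ins for sanitize() and a MongoDB collection; the matcher models only equality and `$gt`.

```javascript
// Stand-in for the behaviour the README describes: remove keys starting with '$'.
// Not the module's source. Recursing into nested values is a choice of this sketch.
function stripDollarKeys(value) {
  if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      if (key.startsWith('$')) {
        delete value[key];            // mutates the caller's object, as the README notes
      } else {
        stripDollarKeys(value[key]);
      }
    }
  }
  return value;
}

// Minimal filter matcher: plain values compare by equality, objects are operator maps.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === 'object') {
      const ops = Object.entries(cond);
      // An operator-less {} is an exact match against an empty document,
      // so it matches no string field.
      return ops.length > 0 && ops.every(([op, arg]) => op === '$gt' && doc[field] > arg);
    }
    return doc[field] === cond;
  });
}

// Constructed sample collection.
const users = [{ name: 'alice' }, { name: 'bob' }];
const findOne = (filter) => users.find((doc) => matches(doc, filter)) || null;

function demo() {
  // Constructed body, as a JSON body parser would hand it to the route handler.
  const body = JSON.parse('{"username": {"$gt": ""}}');
  const unsanitized = findOne({ name: body.username });  // operator reaches the filter
  const clean = stripDollarKeys(body.username);          // body.username becomes {}
  const sanitized = findOne({ name: clean });            // no operator, no match
  const normal = findOne({ name: stripDollarKeys('bob') }); // strings pass through unchanged
  const mutated = Object.keys(body.username).length === 0;
  return { unsanitized, sanitized, normal, mutated };
}

console.log(demo());
```

Because the input object is modified in place, any later code that reads `body.username` sees the stripped value as well.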

Downloads/wk: 17.9K
GitHub stars: 118
Last commit: 3yrs ago
Maintainers: 1
Contributors: 4
Open issues: 2
Open PRs: 0
Latest version: 1.1.0 (tag: latest, published 3yrs ago)