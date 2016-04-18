Node.js Connect middleware to sanitize user input coming from POST body, GET queries, and url params. Works with Express, Restify, or any other Connect app.
# Add xss-clean to the project and record it under "dependencies" in package.json.
# NOTE(review): this page dates from 2016; check the package's current
# maintenance status before adopting it.
npm install --save xss-clean
const restify = require('restify');
const xss = require('xss-clean');

const server = restify.createServer();

// The body parser is registered first, presumably so that req.body is
// already populated by the time the sanitizer runs.
server.use(restify.bodyParser());

// Register the sanitizer ahead of every route so that handlers only ever
// see cleaned input. It sanitizes input only; values still need encoding
// for their output context when they are rendered.
server.use(xss());

server.listen(8080);
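This will sanitize any data in `req.body`, `req.query`, and `req.params`. Other request data, such as headers and cookies, is not listed here and should be treated as unsanitized. You can also access the API directly if you don't want to use it as middleware.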
const { clean } = require('xss-clean/lib/xss');

// Direct call to the sanitizer, with no middleware involved.
const cleaned = clean('<script></script>');
// Should return "&lt;script>&lt;/script>": the "<" characters come back
// HTML-escaped rather than echoed unchanged.
// NOTE(review): that form is safe only as HTML element content; a value placed
// in an attribute, URL or script block still needs encoding for that context.
// Confirm the exact escaping rules against the library's documentation.