I will discuss here how to sanitize user-supplied data. Without the sanitization described below, a malicious user can send crafted data that crashes or damages our application, or that lets them steal confidential data.
Sanitization:
1. MongoDB Operator Injection
2. Sanitize user input coming from POST body, GET queries, and URL params
MongoDB Operator Injection: object keys starting with a $ or containing a . are reserved by MongoDB for use as operators. Without this sanitization, a malicious user could send an object containing a $ operator, or a key including a ., and use it to steal confidential data. To prevent this, follow the steps below:
- Install: npm install express-mongo-sanitize
- Require it in app/index.js and use it as middleware, placed after the body-parser middleware (so req.body is already parsed when it runs)
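To show what this sanitization actually does to a request, here is an added example (my own code, not the author's and not the source of express-mongo-sanitize): a recursive sanitizer that drops, or optionally rewrites, keys beginning with $ or containing ., plus an Express-style middleware (hypothetical name mongoSanitizeMiddleware) that applies it to req.body, req.query and req.params. The login payload is constructed for the demonstration.

```javascript
// Added example, not the author's code and not express-mongo-sanitize itself.
// Keys starting with "$" or containing "." are the ones MongoDB treats as
// operators / field paths, so they must never come straight from a client.
const UNSAFE_KEY = /^\$|\./;

// Returns a deep copy of `value` with unsafe keys removed. If `replaceWith`
// is given, the offending characters are rewritten instead of dropped.
function sanitize(value, replaceWith) {
  if (Array.isArray(value)) {
    return value.map((v) => sanitize(v, replaceWith));
  }
  if (value !== null && typeof value === 'object') {
    const clean = {};
    for (const [key, v] of Object.entries(value)) {
      if (UNSAFE_KEY.test(key)) {
        if (replaceWith === undefined) continue; // drop the key entirely
        clean[key.replace(/^\$|\./g, replaceWith)] = sanitize(v, replaceWith);
      } else {
        clean[key] = sanitize(v, replaceWith);
      }
    }
    return clean;
  }
  return value; // strings, numbers, booleans pass through unchanged
}

// Express-style middleware (hypothetical name). It must be mounted after the
// body parser, otherwise req.body is still undefined when it runs.
function mongoSanitizeMiddleware(req, res, next) {
  for (const part of ['body', 'query', 'params']) {
    if (req[part]) req[part] = sanitize(req[part]);
  }
  next();
}

// Constructed login body of the kind the text warns about: "password" is an
// object carrying a $gt operator instead of a plain string, and "profile.role"
// is a dotted field path. Both are removed before any query is built.
const injected = { username: 'admin', password: { $gt: '' }, 'profile.role': 'admin' };
const cleaned = sanitize(injected);
// cleaned is { username: 'admin', password: {} }
```

A handler that still expects a string password should also type-check it (typeof req.body.password === 'string'), since sanitization leaves an empty object behind rather than rejecting the request.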
Sanitize user input coming from POST body, GET queries, and URL params:
- Install: npm install xss-clean --save
- Require it in app/index.js and use it as middleware, placed after the mongoSanitize middleware
With both middlewares in place, your Node app is protected against MongoDB operator injection and user-supplied data is cleaned before it reaches your handlers. Happy Coding…