Data sanitization Node.JS( MongoDB/MongoDB Operator Injection)


I will discuss here how to sanitize user-supplied data in a Node.js application. Without the sanitization described below, a malicious user can send crafted data that crashes or harms the application, or that allows confidential data to be stolen.

Sanitization:

  1. MongoDB Operator Injection
  2. Sanitize user input coming from POST body, GET queries, and URL params

MongoDB Operator Injection: object keys starting with a $ or containing a . are reserved by MongoDB for operators. Without sanitization, a malicious user could send an object whose keys contain a $ operator or a ., and if that object is passed into a query it can be used to steal confidential data. To prevent this, follow the steps below.

  1. Install: npm install express-mongo-sanitize
  2. Require it in the app/index.js file, then register it as middleware. Place it after the body parser middleware, so that the parsed body is what gets sanitized.
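To make clear what the middleware actually does to a request, here is an added example (not code from this post and not the express-mongo-sanitize source): a small re-implementation of the same rule, plus an Express-style wrapper with a hypothetical name, run over a constructed request body.

```javascript
// Added example: a minimal re-implementation of the idea behind
// express-mongo-sanitize. Any object key that starts with "$" or contains "."
// is removed (or, when replaceWith is given, the offending characters are
// replaced) before the request data can reach a MongoDB query.
'use strict';

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Recursively sanitize a JSON-like value. Returns a new value; input is not mutated.
function sanitizeMongoKeys(value, options = {}) {
  const { replaceWith } = options; // e.g. '_' to keep the key under a safe name
  if (Array.isArray(value)) {
    return value.map((item) => sanitizeMongoKeys(item, options));
  }
  if (!isPlainObject(value)) {
    return value; // strings, numbers, booleans, null pass through unchanged
  }
  const clean = {};
  for (const [key, nested] of Object.entries(value)) {
    const isReserved = key.startsWith('$') || key.includes('.');
    if (isReserved && replaceWith === undefined) {
      continue; // drop the key entirely (the library's default behaviour)
    }
    const safeKey = isReserved ? key.replace(/[$.]/g, replaceWith) : key;
    clean[safeKey] = sanitizeMongoKeys(nested, options);
  }
  return clean;
}

// Hypothetical Express-style middleware factory: sanitizes req.body, req.query
// and req.params in place, then calls next(). Assumes the (req, res, next) shape.
function mongoSanitizeMiddleware(options = {}) {
  return function (req, res, next) {
    for (const part of ['body', 'query', 'params']) {
      if (req[part] !== undefined) {
        req[part] = sanitizeMongoKeys(req[part], options);
      }
    }
    next();
  };
}

// Constructed sample request: a JSON body carrying operator-shaped keys.
const sampleReq = {
  body: { username: 'alice', filter: { $where: '1' }, 'a.b': 1, tags: [{ $in: [] }, 'ok'] },
  query: { sort: 'name' },
};
mongoSanitizeMiddleware()(sampleReq, {}, () => {});
console.log(JSON.stringify(sampleReq.body)); // {"username":"alice","filter":{},"tags":[{},"ok"]}
```

The middleware only rewrites keys; checking that fields such as username are plain strings before they are used in a query is a separate, complementary control.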

Sanitize user input coming from POST body, GET queries, and URL params:

  1. Install: npm install xss-clean --save
  2. Require it in the app/index.js file, then register it as middleware. Place it after the mongoSanitize middleware.

Now your Node app is protected from MongoDB operator injection, and user-supplied data is also cleaned. Happy coding…