# Data sanitization in Node.js (MongoDB/MongoDB Operator Injection)

This post covers how to sanitize user-supplied data. Without the sanitization described below, malicious users can send data that crashes or harms our application, and they can steal confidential data.

### Sanitization

1.  MongoDB Operator Injection
2.  Sanitize user input coming from POST body, GET queries, and URL params

> **MongoDB Operator Injection:** Object keys starting with a `$` or containing a `.` are reserved for use by MongoDB as operators. Without this sanitization, malicious users could send an object containing a `$` operator or a `.` and steal confidential data. To prevent this, follow the steps below.

1.  Install: ***npm install express-mongo-sanitize***
2.  Require it in the app/index.js file, then use it as middleware, placed just after the ***Body parser*** *middleware*.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1639214297964/Wlo7S6Nd3.png)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1639214299831/zfkNtPIrK.png)
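What the sanitization step above does to a request, as an added example that is not part of the original post and not the express-mongo-sanitize source. It uses no npm packages; the function names and the sample login body are constructed for illustration.

```javascript
// Added example; stripOperatorKeys, sanitizeRequest and isValidLogin are
// hypothetical names, not the express-mongo-sanitize API.

// Recursively drop keys MongoDB reserves: those starting with "$" or containing ".".
function stripOperatorKeys(value) {
  if (Array.isArray(value)) return value.map(stripOperatorKeys);
  if (value !== null && typeof value === 'object') {
    // Object.fromEntries defines plain own properties, so a "__proto__" key
    // in the input is never applied as a prototype.
    return Object.fromEntries(
      Object.entries(value)
        .filter(([key]) => !key.startsWith('$') && !key.includes('.'))
        .map(([key, inner]) => [key, stripOperatorKeys(inner)])
    );
  }
  return value; // strings, numbers, booleans and null pass through unchanged
}

// Express-style middleware. It has to run after the body parser,
// because only then is req.body an object that can be walked.
function sanitizeRequest(req, res, next) {
  for (const part of ['body', 'query', 'params']) {
    if (req[part]) req[part] = stripOperatorKeys(req[part]);
  }
  next();
}

// The stripped value is left as an empty object, so the route handler
// should still insist that credentials are strings before querying.
function isValidLogin(body) {
  return typeof body.email === 'string' && typeof body.password === 'string';
}

// Constructed sample: password sent as an operator object, plus a dotted key.
const sampleReq = {
  body: { email: 'user@example.com', password: { $gt: '' }, 'profile.role': 'admin' },
  query: { sort: 'name' },
  params: {},
};

sanitizeRequest(sampleReq, {}, () => {});
console.log(JSON.stringify(sampleReq.body)); // {"email":"user@example.com","password":{}}
console.log(isValidLogin(sampleReq.body));   // false
```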

> **Sanitize user input coming from POST body, GET queries, and URL params:**

1.  Install: **npm install xss-clean --save**
2.  Require it in the app/index.js file, then use it as middleware, placed just after the **mongoSanitize** *middleware*.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1639214301702/S_nXb05is.png)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1639214303253/i2uZ2u0My.png)

Now your Node app is safe from MongoDB Operator Injection, and user-supplied data is also clean. Happy Coding…
