
genediazjr / disinfect

Licence: MIT License
Request query, payload, and params sanitization for Hapi


Projects that are alternatives of or similar to disinfect

typesafe-hapi
Typechecking for HapiJS based on Joi schemas!
Stars: ✭ 21 (+5%)
Mutual labels:  hapi
hapi-sentry
A hapi plugin for request error logging to Sentry
Stars: ✭ 24 (+20%)
Mutual labels:  hapi
hapi-imagemin-proxy
Hapi proxy for serving optimized images
Stars: ✭ 30 (+50%)
Mutual labels:  hapi
api.pokedextracker.com
API for pokedextracker.com
Stars: ✭ 38 (+90%)
Mutual labels:  hapi
steerage
Hapi server configuration and composition using confidence, topo, and shortstop.
Stars: ✭ 15 (-25%)
Mutual labels:  hapi
exiting
Safely shutdown http://hapijs.com servers.
Stars: ✭ 23 (+15%)
Mutual labels:  hapi
hapi-react-fullstack-boilerplate
Hapi, Sequelize, React, etc.
Stars: ✭ 21 (+5%)
Mutual labels:  hapi
hapi-cron
🕰️ Cron jobs for internal hapi.js routes
Stars: ✭ 41 (+105%)
Mutual labels:  hapi
hapi-decorators
Decorators for HapiJS routes
Stars: ✭ 65 (+225%)
Mutual labels:  hapi
joi-to-typescript
Convert Joi Schemas to TypeScript interfaces
Stars: ✭ 73 (+265%)
Mutual labels:  hapi
my-blog
node.js vue.js nuxt.js hapi.js mysql Jianshu-style blog clone
Stars: ✭ 25 (+25%)
Mutual labels:  hapi
hapi-moon
Hassle-free and production ready hapi.js Server boilerplate
Stars: ✭ 23 (+15%)
Mutual labels:  hapi
hapi-sequelizejs
A hapi.js plugin to connect with Sequelize ORM
Stars: ✭ 56 (+180%)
Mutual labels:  hapi
wily
Build Node.js APIs from the command line (Dead Project 😵)
Stars: ✭ 14 (-30%)
Mutual labels:  hapi
hapi-acl-auth
Authentication provider agnostic authorization plugin for HapiJS
Stars: ✭ 22 (+10%)
Mutual labels:  hapi
nautilus-pdf-tools
Tools to work with PDF files from Nautilus
Stars: ✭ 16 (-20%)
Mutual labels:  caja
Crashlyzer
Crash viewer web application for displaying the crashes reported by rn-crash-reporter components from React Native mobile applications.
Stars: ✭ 59 (+195%)
Mutual labels:  hapi
graphql-tutorial
Tutorial for GraphQL
Stars: ✭ 24 (+20%)
Mutual labels:  hapi
hapi-dev-errors
A hapi plugin to return better error details and skip the look at command line to catch the issue.
Stars: ✭ 58 (+190%)
Mutual labels:  hapi
paydash
Worker payments dashboard for MGNREGA
Stars: ✭ 44 (+120%)
Mutual labels:  hapi

disinfect


Hapi plugin to apply Google's Caja HTML Sanitizer on route query, payload, and params.

  • Supports custom sanitization and per-route configuration.
  • Can also be used for input formatting using the custom sanitizer option.
  • Can be disabled per route.

Usage

const registerPlugins = async (server) => Promise.all([
    server.register({
        plugin: require('disinfect'),
        options: {
            disinfectQuery: true,
            disinfectParams: true,
            disinfectPayload: true
        }
    })
]);

registerPlugins(server)
    .then(() => {
        // ...
    })
    .catch((err) => {
        // ...
    })

Glue manifest

register: {
    plugins: [
        {
            plugin: require('disinfect'),
            options: {
                disinfectQuery: true,
                disinfectParams: true,
                disinfectPayload: true
            }
        }
    ]
}

Options

  • deleteEmpty - remove empty query or payload keys.
  • deleteWhitespace - remove whitespace query, payload, or params keys.
  • disinfectQuery - sanitize query strings.
  • disinfectParams - sanitize url params.
  • disinfectPayload - sanitize payload.
  • genericSanitizer - custom synchronous function to do the sanitization of query, payload, and params.
  • querySanitizer - custom synchronous function to do the sanitization of query strings.
  • paramsSanitizer - custom synchronous function to do the sanitization of url params.
  • payloadSanitizer - custom synchronous function to do the sanitization of payload.

deleteEmpty and deleteWhitespace default to false.

disinfectQuery, disinfectParams, and disinfectPayload default to false. If set to true, the object is passed to Caja first, before any custom sanitizers. The processing order is:

dirtyObject -> `Caja` sanitizer -> `genericSanitizer` -> `query-`, `params-`, or `payload-` sanitizer -> deleteWhitespace -> deleteEmpty -> cleanObject.

genericSanitizer, querySanitizer, paramsSanitizer, and payloadSanitizer should be in the following format:

const customSanitizer = (dirtyObj) => {
    // ...
    return cleanObj;
}
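
A custom sanitizer in this format, as an added example that is not part of the disinfect project: it trims strings, strips control characters, and drops prototype-related keys while walking nested input. The names normalizeInput, cleanValue, isPlainObject, BLOCKED_KEYS, CONTROL_CHARS, MAX_DEPTH and disinfectOptions are hypothetical; only the option keys come from the list above.

```javascript
// Added example; every name except the disinfect option keys is hypothetical.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// C0 control characters except tab, LF and CR, plus DEL.
const CONTROL_CHARS = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g;
const MAX_DEPTH = 20;

// Only recurse into plain or null-prototype objects, not Buffers or streams.
const isPlainObject = (value) => {
    if (value === null || typeof value !== 'object') {
        return false;
    }
    const proto = Object.getPrototypeOf(value);
    return proto === null || proto === Object.prototype;
};

const cleanValue = (value, depth) => {
    if (depth > MAX_DEPTH) {
        throw new Error('input nested too deeply');
    }
    if (typeof value === 'string') {
        return value.normalize('NFC').replace(CONTROL_CHARS, '').trim();
    }
    if (Array.isArray(value)) {
        return value.map((item) => cleanValue(item, depth + 1));
    }
    if (isPlainObject(value)) {
        const clean = {};
        for (const key of Object.keys(value)) {
            if (!BLOCKED_KEYS.has(key)) {
                clean[key] = cleanValue(value[key], depth + 1);
            }
        }
        return clean;
    }
    return value; // numbers, booleans, null, Buffers: returned unchanged
};

// Synchronous (dirtyObj) => cleanObj function, as the plugin expects.
const normalizeInput = (dirtyObj) => cleanValue(dirtyObj, 0);

// Options object for server.register(); keys are the ones listed above.
const disinfectOptions = {
    disinfectQuery: true,
    disinfectParams: true,
    disinfectPayload: true,
    genericSanitizer: normalizeInput
};
```
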

All options can be passed on a per-route basis. Route options override server options.

// example
{
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        // ...
    },
    options: {
        plugins: {
            disinfect: {
                disinfectQuery: true,
                disinfectParams: false,
                disinfectPayload: true
            }
        }
    }
}

Disable on a route.

{
    path: '/',
    method: 'get',
    handler: (request, reply) => {
        // ...
    },
    options: {
        plugins: {
            disinfect: false
        }
    }
}

Contributing

Credits
