hapi-sanitize-payload
v3.0.0
Hapi plugin to sanitize the request payload
A plugin to recursively sanitize or prune values in a `request.payload` object.
Currently uses the following rules:
- Removes null characters (i.e. `\0`) from string values
- Deletes from the payload keys with a value of empty string (i.e. `''`), or optionally replaces them with a different value
- Deletes from the payload keys with a value consisting entirely of whitespace (i.e. `' \t\n '`), or optionally replaces them with a different value
- Deletes whitespace from ends of string (i.e. `' text '` becomes `'text'`)
- Optionally deletes/replaces `null` values
Registering the plugin
```javascript
const registerPlugins = async (server) => {
    await server.register([
        { plugin: require('hapi-sanitize-payload'), options: { pruneMethod: 'delete' } }
    ]);
};
```
Options
- `enabled` - whether or not the plugin is enabled.
- `pruneMethod` - the method the sanitizer uses when a value that is to be pruned is encountered. Defaults to `'delete'`. The value must be one of:
  - `'delete'` - the key will be removed from the payload entirely (i.e. `{ a: '', b: 'b' }` → `{ b: 'b' }`).
  - `'replace'` - the key will be preserved, but its value will be replaced with the value of `replaceValue`.
- `replaceValue` - valid only when `pruneMethod` is set to `'replace'`, this value will be used as the replacement of any pruned values (i.e. if configured as `null`, then `{ a: '', b: 'b' }` → `{ a: null, b: 'b' }`).
- `stripNull` - a boolean value to signify whether or not `null` properties should be pruned with the same `pruneMethod` and `replaceValue` as above. Defaults to `false`.
- `fieldOverrides` - an object where each key is a property and its value is an object of options (`pruneMethod`, `replaceValue`, and `stripNull`). The options value overrides the default options for that given property.
- `nestedOverrides` - an object where each key is a property and its value is an object of options (`pruneMethod`, `replaceValue`, and `stripNull`). The options value overrides the default options applied to the nested object of that property. The default options for that property are considered the options after the `fieldOverrides` are applied.
Each of the above options can be configured on a route-by-route basis via the `sanitize` plugin object.
```javascript
const registerRoutes = (server) => {
    server.route({
        method: 'POST',
        path: '/users',
        handler: () => {
            // handler logic
        },
        options: {
            plugins: {
                sanitize: { enabled: false }
            }
        }
    });
};
```
Setting up the server.
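```javascript
// Assumption: the README does not show this import; use 'hapi' on older installs.
const Hapi = require('@hapi/hapi');

(async () => {
    try {
        const server = new Hapi.Server();
        // Register the sanitizer before the routes so every payload passes through it.
        await registerPlugins(server);
        registerRoutes(server);
        await server.start();
    } catch (err) {
        // Insert your preferred error handling here...
    }
})();
```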
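
The rules and options described above, modelled as a stand-alone function so their effect on a payload can be checked without a server. This is an added example, not the plugin's source: `sanitize`, `cleanString`, `shouldPrune` and the sample payload are constructed here, and the order of operations (null characters removed before trimming), nested objects inheriting the top-level options, and arrays being left untouched are assumptions.

```javascript
// Defaults as documented in the README above.
const DEFAULTS = { pruneMethod: 'delete', replaceValue: undefined, stripNull: false };

// Clean one string: drop NUL characters, then trim both ends.
// Assumption: NULs go first, so '\0 ' ends up empty and is then pruned.
const cleanString = (s) => s.replace(/\0/g, '').trim();

// A cleaned value is pruned when it is empty, or null with stripNull set.
const shouldPrune = (value, opts) =>
  value === '' || (value === null && opts.stripNull);

// Recursively sanitize a payload object and return a new object.
function sanitize(payload, options = {}) {
  const { fieldOverrides = {}, ...base } = { ...DEFAULTS, ...options };
  const out = {};
  for (const [key, raw] of Object.entries(payload)) {
    // fieldOverrides: per-property options layered over the defaults.
    const opts = { ...base, ...fieldOverrides[key] };
    let value = raw;
    if (typeof value === 'string') {
      value = cleanString(value);
    } else if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      // Assumption: nested objects inherit the base options; arrays are left alone.
      value = sanitize(value, base);
    }
    if (shouldPrune(value, opts)) {
      if (opts.pruneMethod === 'replace') out[key] = opts.replaceValue;
      continue; // 'delete': the key is omitted from the result
    }
    out[key] = value;
  }
  return out;
}

// Constructed sample payload covering each rule.
const sample = {
  name: ' Ada\0 ', bio: ' \t\n ', nick: '', age: null,
  address: { city: '', zip: ' 12345 ' }
};

console.log(sanitize(sample));
console.log(sanitize(sample, {
  pruneMethod: 'replace', replaceValue: null, stripNull: true,
  fieldOverrides: { nick: { pruneMethod: 'delete' } }
}));
```

With the defaults, `age: null` survives because `stripNull` is `false`; in the second call it is replaced like any other pruned value, while `nick` is still deleted because its field override wins.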