mongo-sanitize
v1.1.0
Helper to sanitize mongodb queries against query selector injections
Downloads: 70,721
For the passionately lazy, a standalone module that sanitizes inputs against query selector injection attacks:
```javascript
var sanitize = require('mongo-sanitize');

// The sanitize function will strip out any keys that start with '$' in the input,
// so you can pass it to MongoDB without worrying about malicious users overwriting
// query selectors.
var clean = sanitize(req.params.username);

Users.findOne({ name: clean }, function(err, doc) {
  // ...
});
```
If `sanitize()` is passed an object, it will mutate the original object.
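The following added example (not code from the mongo-sanitize project) shows why stripping `$` keys matters when the input arrives as an object rather than a string, and what the in-place mutation looks like. `stripDollarKeys`, `matches`, `findByName` and `demo` are hypothetical names; the example assumes the input comes from a parsed JSON body, that nested values are cleaned recursively, and it uses a toy in-memory matcher instead of MongoDB.

```javascript
// Stand-in for the behaviour the README describes: delete every key that
// starts with '$', in place. Recursing into nested values is an assumption.
function stripDollarKeys(value) {
  if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      if (key.startsWith('$')) {
        delete value[key];
      } else {
        stripDollarKeys(value[key]);
      }
    }
  }
  return value;
}

// Toy matcher covering only equality and $ne, enough to show how a selector
// object changes the meaning of { name: <input> }. Not MongoDB's query engine.
function matches(doc, query) {
  return Object.entries(query).every(([field, cond]) => {
    if (cond !== null && typeof cond === 'object') {
      const ops = Object.keys(cond);
      if (ops.length === 0) return false; // an empty object equals no string field
      return ops.every((op) => op === '$ne' && doc[field] !== cond[op]);
    }
    return doc[field] === cond;
  });
}

// Constructed sample data.
const users = [{ name: 'alice' }, { name: 'bob' }];
const findByName = (input) => users.filter((u) => matches(u, { name: input }));

// A JSON body parser can hand the handler an object where a string is expected.
function demo() {
  const body = JSON.parse('{"username": {"$ne": null}}'); // constructed request body
  const unsanitized = findByName(body.username).length;   // selector matches every user
  const cleaned = stripDollarKeys(body.username);         // mutates body.username
  return {
    unsanitized,
    sanitized: findByName(cleaned).length,                // {} matches no user
    sameObject: cleaned === body.username,                // same reference, not a copy
    keysLeft: Object.keys(body.username).length,          // original lost its '$ne' key
    plainString: findByName(stripDollarKeys('alice')).length, // strings pass through
  };
}

console.log(demo());
```

Because the cleaning happens in place, copy the input first if the original value is still needed afterwards, for example for audit logging.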