Express JS middleware to cleanup/sanitize json request body in express

shohidulbari/express-html-sanitizer

express-html-sanitizer

express-html-sanitizer provides a middleware for Express JS that sanitizes the JSON request body of an Express RESTful service, or any JSON input containing unwanted HTML tags.

express-html-sanitizer applies the excellent sanitize-html module recursively to JSON data to clean out unwanted HTML tags. You can put this middleware at the root level to sanitize the request body and hand a clean, HTML-sanitized payload to the next middleware.

Requirements

express-html-sanitizer is intended for use with Express JS as a middleware. That's pretty much it. express-html-sanitizer is built on the excellent sanitize-html module.

How to use

Install module:

npm install express-html-sanitizer

Import the module:

const sanitizer = require('express-html-sanitizer');

Get the middleware:

const sanitizeReqBody = sanitizer();

You can configure the allowed tags and other options exactly as you would for sanitize-html, and pass the configuration as an argument to get a configured middleware. For configuration details, see the sanitize-html module documentation.

const config = {
	allowedTags: ['b', 'i', 'em', 'strong', 'a'],
	allowedAttributes: { 'a': ['href'] },
	allowedIframeHostnames: ['www.youtube.com']
};
const sanitizeReqBody = sanitizer(config);

Add a JSON body-parser middleware:

app.use(require('body-parser').json());

Now use it in your Express app:

app.use(sanitizeReqBody);

Boom!!

Full Example

const express = require('express');
const sanitizer = require('express-html-sanitizer');
const app = express();

// Optional: custom configuration, using the same options as sanitize-html
const config = {
	allowedTags: ['b', 'i', 'em', 'strong', 'a'],
	allowedAttributes: { 'a': ['href'] },
	allowedIframeHostnames: ['www.youtube.com']
};

// Get the middleware
const sanitizeReqBody = sanitizer(config);

// Add the body-parser middleware first so that req.body is populated
app.use(require('body-parser').json());

// Add the express-html-sanitizer middleware
app.use(sanitizeReqBody);

app.post('/post', (req, res, next) => {
	// req.body is the sanitized payload here
	res.json(req.body);
});

app.listen(8080, () => {
	console.log("Express server started");
});
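
The recursive pass over the JSON body described above can be sketched as follows. This is an added example, not the package's own source: `sanitizeDeep`, `makeBodySanitizer` and `escapeStandIn` are hypothetical names, the stand-in escaper replaces sanitize-html only so the snippet runs without dependencies, and cleaning object keys and capping nesting depth are assumptions that go beyond what the README states.

```javascript
// Added illustration, not the source of express-html-sanitizer.
// cleanString is the string sanitizer to apply; in a real app, for example,
// (s) => require('sanitize-html')(s, config).
function sanitizeDeep(value, cleanString, maxDepth = 32, depth = 0) {
  if (depth > maxDepth) throw new RangeError('JSON body nested too deeply');
  if (typeof value === 'string') return cleanString(value);
  if (Array.isArray(value)) {
    return value.map((v) => sanitizeDeep(v, cleanString, maxDepth, depth + 1));
  }
  if (value !== null && typeof value === 'object') {
    // Object.fromEntries defines own properties, so a "__proto__" key in the
    // JSON stays plain data and cannot replace the object's prototype.
    return Object.fromEntries(
      Object.entries(value).map(([key, v]) => [
        cleanString(key), // assumption: keys are cleaned as well as values
        sanitizeDeep(v, cleanString, maxDepth, depth + 1),
      ])
    );
  }
  return value; // numbers, booleans and null pass through unchanged
}

function makeBodySanitizer(cleanString, maxDepth = 32) {
  return function sanitizeReqBody(req, res, next) {
    let failure;
    try {
      // If this runs before the JSON parser, req.body is undefined and nothing
      // gets sanitized, so the parser must be registered first.
      if (req.body !== undefined) {
        req.body = sanitizeDeep(req.body, cleanString, maxDepth);
      }
    } catch (err) {
      failure = err; // over-deep body: route to the Express error handler
    }
    next(failure);
  };
}

// Constructed stand-in so the example runs offline: it escapes angle brackets
// rather than applying sanitize-html's allow-list.
const escapeStandIn = (s) => s.replace(/</g, '&lt;').replace(/>/g, '&gt;');

// Constructed request body, run through the middleware with stub res/next.
function demo() {
  const raw = '{"title":"<b>hi</b>","tags":["<script>x</script>",7],"meta":{"ok":true}}';
  const req = { body: JSON.parse(raw) };
  makeBodySanitizer(escapeStandIn)(req, {}, () => {});
  return req.body;
}
```

Sanitizing the request body on the way in does not replace output encoding at the point where the data is rendered; the two are complementary.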

Support

Feel free to open issues on GitHub.
