Data sanitization in Node.js (MongoDB / MongoDB Operator Injection)

I will discuss here how to sanitize user-supplied data. Without the sanitization described below, malicious users can send crafted data that crashes or harms our application, or that lets them steal confidential data.

Sanitization-

  1. MongoDB Operator Injection
  2. Sanitize user input coming from POST body, GET queries, and URL params

MongoDB Operator Injection- Object keys starting with a $ or containing a . are reserved for use by MongoDB as operators. Without this sanitization, malicious users could send an object containing a $ operator, or a key including a ., and could steal confidential data. To prevent it, follow the steps below:

  1. Install- npm install express-mongo-sanitize
  2. Get a reference to it in your app/index.js file, then use it as middleware, placed right after the body parser middleware

Sanitize user input coming from POST body, GET queries, and URL params-

  1. Install- npm install xss-clean --save
  2. Get a reference to it in your app/index.js file, then use it as middleware, placed right after the mongoSanitize middleware

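The following JavaScript is added here as an illustration and is not code from the post, express-mongo-sanitize or xss-clean: it re-implements what the two middlewares do to req.body, req.query and req.params so the effect of the steps above can be seen on a constructed request. The names sanitize, sanitizeMiddleware, demo and the replaceWith / escapeStrings options belong to this example, not to the packages' APIs.

```javascript
// Added example, not code from the post, express-mongo-sanitize or xss-clean:
// a minimal re-implementation of both steps so their effect can be seen offline.
const RESERVED_KEY = /^\$|\./; // keys MongoDB reads as operators or field paths

// Stand-in for xss-clean: escape characters that break out of HTML text/attributes.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return str.replace(/[&<>"']/g, (c) => map[c]);
}

// Return a sanitized copy of a parsed JSON value (the input is not mutated):
// reserved keys are dropped, or have '$' and '.' replaced when
// options.replaceWith is set; strings are HTML-escaped if options.escapeStrings.
function sanitize(value, options = {}) {
  if (Array.isArray(value)) return value.map((v) => sanitize(v, options));
  if (typeof value === 'string') return options.escapeStrings ? escapeHtml(value) : value;
  if (value === null || typeof value !== 'object') return value;
  const clean = {};
  for (const [key, nested] of Object.entries(value)) {
    let safeKey = key;
    if (RESERVED_KEY.test(key)) {
      if (options.replaceWith === undefined) continue; // drop the key entirely
      safeKey = key.replace(/[$.]/g, options.replaceWith);
    }
    clean[safeKey] = sanitize(nested, options);
  }
  return clean;
}

// Express-style middleware over the three user-controlled inputs the post names.
// Mount it right after the body parser, before any route touches the data.
function sanitizeMiddleware(options) {
  return (req, _res, next) => {
    for (const field of ['body', 'query', 'params']) {
      if (req[field]) req[field] = sanitize(req[field], options);
    }
    next();
  };
}

// Constructed demo request: an operator object in place of a string, a dotted key, HTML in a query value.
function demo(options) {
  const req = {
    body: { username: { $gt: '' }, password: 'hunter2', 'profile.role': 'admin' },
    query: { q: '<b>hi</b> & "quotes"' },
    params: {},
  };
  sanitizeMiddleware(options)(req, {}, () => {});
  return req;
}
```

With no options the reserved keys are simply removed, so a query such as findOne({ username: req.body.username }) no longer receives an operator object; with replaceWith the field survives under a harmless name, which is easier to spot in logs.
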
Now your Node app is safe from MongoDB Operator Injection, and user-supplied data is also clean. Happy Coding…

Hi there 👋, I am Anil Verma, a full stack web developer and JavaScript enthusiast.