Node.js Connect middleware to sanitize user input coming from the POST body, GET query string, and URL params. Works with Express, Restify, or any other Connect-style app.
# install and record the dependency in package.json
npm install --save xss-clean
const restify = require('restify');
const xss = require('xss-clean');

const app = restify.createServer();

// The body parser has to run first: xss() sanitizes whatever is already on
// req.body / req.query / req.params, so it cannot clean a body that has not
// been parsed yet.
app.use(restify.bodyParser());

// Register the sanitizer before any route so every handler sees cleaned input.
// NOTE(review): this escapes for an HTML body context; values that end up in
// JavaScript, attributes, URLs or SQL still need context-specific encoding or
// parameterization at the point of use.
app.use(xss());

app.listen(8080);
This will sanitize any data in req.body, req.query, and req.params. You can also call the API directly if you don't want to use it as middleware.
const { clean } = require('xss-clean/lib/xss');

// clean() returns a new string; the input is not modified in place.
// The output is the HTML-escaped form of the input (the "<" characters are
// encoded, so the tag can no longer be interpreted as markup). The literal
// shown in older copies of this example appears to have been HTML-decoded by
// the page renderer — TODO confirm against the current release's output.
const cleaned = clean('<script></script>');