A plugin to recursively sanitize or prune values in a `request.payload` object.

Currently uses the following rules:

- Removes null characters (i.e. `\0`) from string values
- Deletes keys from the payload whose value is an empty string (i.e. `''`), or optionally replaces the value with a different one
- Deletes keys from the payload whose value consists entirely of whitespace (i.e. `' \t\n '`), or optionally replaces the value with a different one
- Deletes whitespace from the ends of strings (i.e. `' text '` becomes `'text'`)
- Optionally deletes/replaces `null` values

```js
const registerPlugins = async (server) => {
  await server.register([
    { plugin: require('hapi-sanitize-payload'), options: { pruneMethod: 'delete' } }
  ]);
};
```

- `enabled` - whether or not the plugin is enabled.
- `pruneMethod` - the method the sanitizer uses when a value that is to be pruned is encountered. Defaults to `'delete'`. The value must be one of:
  - `'delete'` - the key will be removed from the payload entirely (i.e. `{ a: '', b: 'b' }` ➡️ `{ b: 'b' }`).
  - `'replace'` - the key will be preserved, but its value will be replaced with the value of `replaceValue`.
- `replaceValue` - valid only when `pruneMethod` is set to `'replace'`, this value will be used as the replacement of any pruned values (i.e. if configured as `null`, then `{ a: '', b: 'b' }` ➡️ `{ a: null, b: 'b' }`).
- `stripNull` - a boolean value to signify whether or not `null` properties should be pruned with the same `pruneMethod` and `replaceValue` as above. Defaults to `false`.

Each of the above options can be configured on a route-by-route basis via the `sanitize` plugin object.

```js
const registerRoutes = (server) => {
  server.route({
    method: 'POST',
    path: '/users',
    handler: () => {
      // handler logic
    },
    options: {
      plugins: {
        sanitize: { enabled: false }
      }
    }
  });
};
```

Setting up the server.
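
```js
// Assumption: hapi is installed under its scoped name; older installs use require('hapi').
const Hapi = require('@hapi/hapi');

(async () => {
  try {
    const server = new Hapi.Server();
    await registerPlugins(server);
    registerRoutes(server);
    await server.start();
  } catch (err) {
    // Insert your preferred error handling here...
  }
})();
```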
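
The rules and options described above, written out as a stand-alone function so their interaction can be checked without a server. This is an added example, not the plugin's own code: `sanitizePayload`, `clean` and `PRUNE` are hypothetical names, and the order of operations (null characters removed, ends trimmed, then the empty check) and the handling of array elements are assumptions the README does not specify.

```javascript
'use strict';
// Added illustration of the documented rules; not the plugin's source.
// sanitizePayload, clean and PRUNE are hypothetical names.

const PRUNE = Symbol('prune'); // internal marker: "this value is to be pruned"

function clean(value, opts) {
  if (typeof value === 'string') {
    // Assumed order: drop null characters, trim both ends, then test for empty,
    // so '\0' and ' \t\n ' are pruned the same way as ''.
    const text = value.replace(/\0/g, '').trim();
    return text === '' ? PRUNE : text;
  }
  if (value === null) return opts.stripNull ? PRUNE : null;
  if (Array.isArray(value)) {
    // Assumption: array elements follow the same rules as object values.
    const items = value.map((item) => clean(item, opts));
    return opts.pruneMethod === 'replace'
      ? items.map((item) => (item === PRUNE ? opts.replaceValue : item))
      : items.filter((item) => item !== PRUNE);
  }
  if (typeof value === 'object') {
    for (const key of Object.keys(value)) {
      const cleaned = clean(value[key], opts);
      if (cleaned !== PRUNE) value[key] = cleaned;
      else if (opts.pruneMethod === 'replace') value[key] = opts.replaceValue;
      else delete value[key];
    }
  }
  return value; // numbers, booleans and cleaned objects pass through
}

function sanitizePayload(payload, options = {}) {
  // Non-object payloads (e.g. a text/plain body) are left untouched here.
  if (payload === null || typeof payload !== 'object') return payload;
  return clean(payload, { pruneMethod: 'delete', stripNull: false, ...options });
}

// Constructed sample payload, rebuilt on each call because clean() mutates it.
const sample = () => ({
  name: '  al\0ice ', nick: ' \t\n ', bio: '', age: null,
  tags: ['a ', ''], addr: { city: ' Oslo', zip: '' },
});

console.log(sanitizePayload(sample()));
console.log(sanitizePayload(sample(), { pruneMethod: 'replace', replaceValue: null }));
console.log(sanitizePayload(sample(), { stripNull: true }));
```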