A plugin to recursively sanitize or prune values in a request.payload object.
Currently uses the following rules:
- Removes null characters (ie.
\0) from string values - Deletes from the payload keys with a value of empty string (ie.
''), or optionally replaces them with a different value - Deletes from the payload keys with a value consisting entirely of whitespace (ie.
' \t\n '), or optionally replaces them with a different value - Deletes whitespace from ends of string (ie.
' text 'becomes'text') - Optionally deletes/replaces
nullvalues
const registerPlugins = async (server) => {
await server.register([
{ plugin: require('hapi-sanitize-payload'), options: { pruneMethod: 'delete' } }
]);
};enabled- whether or not the plugin is enabled.pruneMethod- the method the sanitizer uses when a value that is to be pruned is encountered. Defaults to'delete'. The value must be one of:'delete'- the key will be removed from the payload entirely (ie.{ a: '', b: 'b' }➡️{ b: 'b' }).'replace'- the key will be preserved, but its value will be replaced with the value ofreplaceValue.
replaceValue- valid only whenpruneMethodis set to'replace', this value will be used as the replacement of any pruned values (ie. if configured asnull, then{ a: '', b: 'b' }➡️{ a: null, b: 'b' }).stripNull- a boolean value to signify whether or notnullproperties should be pruned with the samepruneMethodandreplaceValueas above. Defaults tofalse.
Each of the above options can be configured on a route-by-route basis via the sanitize plugin object.
const registerRoutes = (server) => {
server.route({
method: 'POST',
path: '/users',
handler: () => {
// handler logic
},
options: {
plugins: {
sanitize: { enabled: false }
}
}
});
};Setting up the server.
(async () => {
try {
const server = new Hapi.Server();
await registerPlugins(server);
registerRoutes(server);
await server.start();
} catch (err) {
// Insert your preferred error handling here...
}
)();
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent