totaljs/framework

is there way to sanitize schema field like middleware?

luasenvy opened this issue · 2 comments

Hi, I'm looking for a way to handle XSS.
Can I sanitize schema field data in one place, like middleware?

like this:

const sanitize = require('sanitize-html')
MIDDLEWARE('sanitize', async function($){
  // but the model and body fields are not initialized yet at this point
  $.body.content = sanitize($.body.content)
  $.next()
})

This is not a good idea because I recommend sanitizing at rendering only. This may work in the latest version of the Total.js framework:

const sanitize = require('sanitize-html');

NEWSCHEMA('YourSchemaName', function(schema) {

    schema.middleware(function($, next) {

        // $.name === name of executed operation
        switch ($.name) {
            case 'save':
            case 'insert':
            case 'update':

                for (var i = 0; i < schema.fields.length; i++) {
                    var field = schema.fields[i];
                    if (typeof($.model[field]) === 'string')
                        $.model[field] = sanitize($.model[field]);
                }

                break;
        }

        next();
    });

});

or via middleware like yours:

const sanitize = require('sanitize-html');

MIDDLEWARE('sanitize', function($){
    var keys = Object.keys($.body);
    for (var i = 0; i < keys.length; i++) {
        var key = keys[i];
        if (typeof($.body[key]) === 'string')
            $.body[key] = sanitize($.body[key]);
    }
    $.next();
});

Thank you for the reply.

I will use it as you recommended. 👍