Thursday 25 July 2019

Tips for sanitizing user input

Hey all. I'm working on a node app and I'm looking for some tips on sanitizing user input. Sanitizing user input is always listed as something super important, but I can't really find any good posts about how exactly to do this.

For a bit more context, I have a node.js express app, and I am saving data to a mysql database using knex. That data that I save will sometimes be sent back to the client and displayed in a react app.

I'm using express-validator which is set up to validate the data, that is working no problem. express-validator also has sanitization methods, but they don't seem to actually remove things like script tags from user inputs, these are just passed right along to the database. I can escape the input with that package, but I'm looking for a way of just removing potentially harmful things like script tags from user input data.

I guess my question is really, what strategy would you take here? Do you have any resources around sanitizing data? Am I maybe just missing the mark about what it really means?

Really appreciate any feedback and guidance!

Submitted July 26, 2019 at 01:31AM by Northern_Nine
