Saturday 26 September 2020

Validation and sanitization help

I have been learning node/express for the past few weeks. So pretty much a novice. I did the express tutorial from MDN as my first project. I ran into validation and sanitization there. I have understood the gist of it and some better practices from research and some folks at r/webdev helped a lot with it.

I have a few more questions that I thought would be appropriate to ask here -

So a better convention is to validate input and sanitize output is what I got. So is there a package for that? I am using ejs. Does ejs do it automatically with <%= %>? Can't use express-validator I suppose because it works on the request body.

Right now I am sanitizing the input before storing to the database. Apostrophe is being replaced by its utf-8 code (expected). But when I retrieve and display it using ejs it just shows the code and not apostrophe.

Is dompurify only intended for sanitizing markup or should it be used on user data at the backend?

xss-filters is quite old and not used as much as validator. What are the best sanitization packages available?

Thanks for reading!

Submitted September 26, 2020 at 07:47AM by reshav_paul
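
Added example, not part of the original post: the symptom described above (an apostrophe stored as its character code and then displayed as that code) is consistent with double escaping, because EJS's `<%= %>` tag HTML-escapes the value a second time. The sketch uses a dependency-free stand-in `escapeHtml` for both the input sanitizer and the template's escaped output; the function names, the 100-character limit and the sample string are constructed assumptions, and real libraries may emit a different but equivalent entity for the apostrophe.

```javascript
// Added example: dependency-free stand-ins, not EJS or validator code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Stand-in for any HTML-escaping step (an escaping template tag or an
// "escape" sanitizer): replace the five HTML-significant characters.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Stand-in for how a browser shows text: each entity is decoded exactly once.
function renderedText(html) {
  const decode = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
  return html.replace(/&(?:amp|lt|gt|quot|#39);/g, (entity) => decode[entity]);
}

// Flow A: escape on input, store the result, then escape again at output.
function escapeOnInputThenOutput(userInput) {
  const stored = escapeHtml(userInput); // the database now holds entities
  return escapeHtml(stored);            // the template escapes their "&" again
}

// Flow B: validate on input, store the raw text, escape once at output.
function validateThenEscapeOnOutput(userInput) {
  if (typeof userInput !== 'string' || userInput.length === 0 || userInput.length > 100) {
    throw new RangeError('title must be 1-100 characters');
  }
  const stored = userInput;             // raw text goes into the database
  return escapeHtml(stored);            // single escape at the HTML boundary
}

const sample = "O'Reilly <b>"; // constructed sample input
console.log('A shows:', renderedText(escapeOnInputThenOutput(sample)));
console.log('B shows:', renderedText(validateThenEscapeOnOutput(sample)));
```

In both flows the markup characters reach the page inert; only flow B shows the reader the text that was typed.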
