I'm dealing now with sanitizing user input to prevent XSS & SQL type of attack. Ideally, I would love to have a single middleware that sanitizes the entire input (i.e. remove script tags, sql commands, etc). Practically, I can't find a library that acts that way + this approach has significant performance footprint. Most libraries like xss-filters & express-validator act on specific routes and fields which forces the developer to deal with security concerns as she codes business features. What do you think?
Submitted June 04, 2018 at 01:15PM by yonatannn
No comments:
Post a Comment