v2.0.0

- Added header sanitization
- Drop support for node <10
- Bump dev dependencies

Author: fiznool

.travis.yml

@@ -1,8 +1,4 @@
 language: node_js
 node_js:
-  - '0.10'
-  - '0.12'
-  - '4'
-  - '5'
-  - '6'
-  - '7'
+  - '10'
+  - '12'

CHANGELOG.md

@@ -2,6 +2,15 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.0.0] - 2020-03-25
+### Added / Breaking
+- Support sanitization of headers. #5
+
+Note that if you weren't previously expecting headers to be sanitized, this is considered a breaking change.
+
+### Breaking
+- Drop support for node versions < 10.
+
 ## [1.3.2] - 2017-01-12
 ### Fixed
 - Fixed an issue when using the sanitizer in the node REPL. #3
@@ -27,6 +36,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 Initial Release.
 
+[2.0.0]: https://github.com/fiznool/express-mongo-sanitize/compare/v1.3.2...v2.0.0
 [1.3.2]: https://github.com/fiznool/express-mongo-sanitize/compare/v1.3.1...v1.3.2
 [1.3.1]: https://github.com/fiznool/express-mongo-sanitize/compare/v1.3.0...v1.3.1
 [1.3.0]: https://github.com/fiznool/express-mongo-sanitize/compare/v1.2.0...v1.3.0

index.js

@@ -1,33 +1,32 @@
 'use strict';
 
-var TEST_REGEX = /^\$|\./,
-    REPLACE_REGEX = /^\$|\./g;
+const TEST_REGEX = /^\$|\./;
+const REPLACE_REGEX = /^\$|\./g;
 
 function isPlainObject(obj) {
   return typeof obj === 'object' && obj !== null;
 }
 
 function withEach(target, cb) {
-  var act = function(obj) {
+  (function act(obj) {
     if(Array.isArray(obj)) {
       obj.forEach(act);
 
     } else if(isPlainObject(obj)) {
       Object.keys(obj).forEach(function(key) {
-        var val = obj[key];
-        var resp = cb(obj, val, key);
+        const val = obj[key];
+        const resp = cb(obj, val, key);
         if(resp.shouldRecurse) {
           act(obj[resp.key || key]);
         }
       });
     }
-  };
+  })(target);
 
-  act(target);
 }
 
 function has(target) {
-  var hasProhibited = false;
+  let hasProhibited = false;
   withEach(target, function(obj, val, key) {
     if(TEST_REGEX.test(key)) {
       hasProhibited = true;
@@ -43,13 +42,13 @@ function has(target) {
 function sanitize(target, options) {
   options = options || {};
 
-  var replaceWith = null;
+  let replaceWith = null;
   if(!(TEST_REGEX.test(options.replaceWith))) {
     replaceWith = options.replaceWith;
   }
 
   withEach(target, function(obj, val, key) {
-    var shouldRecurse = true;
+    let shouldRecurse = true;
 
     if(TEST_REGEX.test(key)) {
       delete obj[key];
@@ -72,7 +71,7 @@ function sanitize(target, options) {
 
 function middleware(options) {
   return function(req, res, next) {
-    ['body', 'params', 'query'].forEach(function(k) {
+    ['body', 'params', 'headers', 'query'].forEach(function(k) {
       if(req[k]) {
         req[k] = sanitize(req[k], options);
       }