Replies: 3 comments
-
Maybe another piece of middleware higher up in the chain? For example:

```js
const express = require('express');
const bodyParser = require('body-parser');
const mongoSanitize = require('express-mongo-sanitize');

const app = express();

// Parse the body first so req.body is populated.
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());

// Runs before the sanitizer, so it sees the payload as it arrived.
app.use((req, res, next) => {
  console.log(req.body);
  next();
});

app.use(mongoSanitize());
```
-
Yes, doing it that way is going to work fine; however, with that middleware on top of mongoSanitize, I have to log the incoming body data on every request, and there is no decision path or state to check whether the body is dirtied in that new function, because all of that logic is performed by your lib, and I mean the signal should be emitted from there. It would be nice if you could provide some more flexibility by allowing callback functions to be registered, something like preSanitize & postSanitize. (This is not a feature request though, just asking in case it might be useful for others.)
-
@fiznool Hey, I am also looking for an option to do this. I want to sanitize all requests; however, if there is a malicious request and if I use My specific use case is: if a malicious request is sent, I want to log it and be notified, so I can check it out.
-
Hi Fiznool, are there any options available to retrieve the req.body before it gets sanitized? My use case is that I want to log the shape of the data that a malicious user tries to perform on my site. I have tried the option `dryRun: true`, and I can access the version of the payload (req.body) before it is cleaned, which is great; however, with that dryRun, the whole sanitization process is cancelled, and what I receive at the route middleware function looks the same as when you request it in Postman. Any help?
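One way to log only the requests that the sanitizer would alter, as an added example that is not part of the thread and not express-mongo-sanitize's own code: a middleware registered before the sanitizer that flags keys starting with `$` or containing `.` and reports the payload's shape instead of its values. The names `findOperatorKeys`, `shapeOf` and `auditBeforeSanitize`, the depth limit and the sample request are assumptions made for illustration.

```javascript
'use strict';
const MAX_DEPTH = 32; // assumed limit: stop walking pathologically nested payloads

// Keys the sanitizer treats as dangerous: a leading "$" or any "." in the name.
const isOperatorKey = (key) => key.startsWith('$') || key.includes('.');

// Walk a parsed payload and collect the path of every flagged key.
function findOperatorKeys(value, path = '', hits = [], depth = 0) {
  if (depth > MAX_DEPTH || value === null || typeof value !== 'object') return hits;
  for (const [key, child] of Object.entries(value)) {
    const here = `${path}/${key}`;
    if (isOperatorKey(key)) hits.push(here);
    findOperatorKeys(child, here, hits, depth + 1);
  }
  return hits;
}

// Replace leaf values with their type so the log records structure, not user data.
function shapeOf(value, depth = 0) {
  if (depth > MAX_DEPTH) return 'truncated';
  if (Array.isArray(value)) return value.map((v) => shapeOf(v, depth + 1));
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, shapeOf(v, depth + 1)]));
  }
  return value === null ? 'null' : typeof value;
}

// Express-style middleware factory; register it before app.use(mongoSanitize()).
function auditBeforeSanitize(report = console.warn) {
  return (req, res, next) => {
    const findings = {};
    for (const part of ['body', 'query', 'params']) {
      const keys = findOperatorKeys(req[part]);
      if (keys.length) findings[part] = { keys, shape: shapeOf(req[part]) };
    }
    if (Object.keys(findings).length) {
      report({ ip: req.ip, method: req.method, url: req.originalUrl, findings });
    }
    next(); // never blocks: the sanitizer that follows still cleans the request
  };
}

// Constructed sample request: a login body carrying a query operator.
const sampleReq = {
  ip: '203.0.113.7', method: 'POST', originalUrl: '/login',
  body: { username: 'alice', password: { $ne: null } }, query: {}, params: {},
};
auditBeforeSanitize()(sampleReq, {}, () => {});
```

Passing a custom `report` function lets the same middleware feed an alerting channel instead of the console.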