Releases: fiznool/express-mongo-sanitize
v2.2.0
Added
- New config option: `allowDots` boolean: if set, allows dots in the user-supplied data #41
Fixed
- Prevent null pointer exception when using `dryRun` option #88
v2.1.0
Added
- New config options:
  - `onSanitize` callback: this will be called after the request's value was sanitized, with two named parameters: the key that was sanitized, and the raw `req` object.
  - `dryRun` boolean: if set, sanitization will not take place. Useful when combined with `onSanitize` to report on the keys which would have been sanitized.
- TypeScript types
- Official support for node v16.
v2.0.2
Fixed
- Fixed a prototype pollution security vulnerability. #34
Updated
v2.0.1
Updated
- Update dependencies and test against node 14.
Changed
- Use ESLint instead of JSHint for code linting.
- Use GitHub Actions for CI instead of Travis.
v2.0.0
Added / Breaking
- Support sanitization of headers. #5
Note that if you weren't previously expecting headers to be sanitized, this is considered a breaking change.
Breaking
- Drop support for node versions < 10.
v1.3.2
Fixed
- Fixed an issue when using the sanitizer in the node REPL. #3
v1.3.1
Fixed
- Fixed an issue with objects containing prohibited keys nested inside other objects with prohibited keys. #2
- Added a more robust check for plain objects.
v1.3.0
Added
- A new function `has`, which checks whether a passed object/array contains any keys with prohibited characters.
v1.2.0
Added
- A new option `replaceWith` which can be used to replace offending characters in a key. This is an alternative to removing the data from the payload.
v1.1.0
Added
- The middleware also now sanitizes keys with a `.`. This is in line with Mongo's reserved operators.
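The options listed across these releases (`allowDots`, `dryRun`, `onSanitize`, `replaceWith`, header sanitization and the prototype pollution guard) interact, so the following added example models them in one place. It is a simplified sketch written for this page, not express-mongo-sanitize's own code. Assumptions: the function names are hypothetical, the request is a constructed sample, keys starting with `$` are treated as prohibited alongside keys containing `.`, and the `key` passed to `onSanitize` is taken to be the request part (`body`, `headers`, ...).

```javascript
// Added sketch, not the project's source; all names here are hypothetical.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Walk objects/arrays in place, flagging keys that start with `$` or contain `.`.
function scrub(target, opts, state) {
  if (target === null || typeof target !== 'object') return;
  const bad = opts.allowDots ? /^\$/ : /^\$|\./;
  for (const key of Object.keys(target)) {
    let k = key;
    if (bad.test(key)) {
      state.found = true;
      if (!opts.dryRun) {
        const val = target[key];
        delete target[key];
        if (opts.replaceWith === undefined) continue; // default: drop the key
        k = key.replace(new RegExp(bad.source, 'g'), opts.replaceWith);
        if (FORBIDDEN.has(k)) continue; // never write a prototype-polluting key
        target[k] = val;
      }
    }
    scrub(target[k], opts, state);
  }
}

// Headers are covered alongside body, params and query (see v2.0.0).
function sanitizeRequest(req, opts = {}) {
  for (const key of ['body', 'params', 'headers', 'query']) {
    if (!req[key]) continue;
    const state = { found: false };
    scrub(req[key], opts, state);
    if (state.found && typeof opts.onSanitize === 'function') {
      opts.onSanitize({ req, key }); // named parameters: key and the raw req
    }
  }
  return req;
}

// Constructed sample: an operator-injection style login request.
function sampleReq() {
  return {
    body: { user: 'alice', password: { $ne: null }, 'profile.role': 'admin' },
    query: { page: '2' },
    headers: { 'x-filter': { $gt: '' } },
  };
}

// Returns the request parts that were (or, with dryRun, would be) sanitized.
function auditKeys(req, opts = {}) {
  const flagged = [];
  sanitizeRequest(req, { ...opts, onSanitize: ({ key }) => flagged.push(key) });
  return flagged;
}
```

Running `auditKeys(sampleReq(), { dryRun: true })` first is a low-risk way to see which request parts carry operator-style keys before switching enforcement on.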