Ref/web app!

How to Sanitize Inputs for Web App Security in Node.js

URL copied to clipboard
By AstroMacGuffin dated  last updated 
![If your website is hackable, it will be hacked eventually.](/static/img/mm/villains/he-buries-the-competitionSmall.jpg) One of the friendly members of the JavaScript Mastery discord server did me a favor by performing some security auditing on this website. I admit, I was in a rush to launch, and I wasn't in any hurry to spend time on security steps. When I tried the `mongo-sanitize` NPM package it did nothing, so there went my lazy option. But I already had code for stripping symbols from a string, thanks to the search index / relevance-weighted search project. It just needed a little adjustment. Once you have something that can sanitize inputs, you need to use it. And, because every input is different, there's no getting around this part - you have to analyze your input-handling code line-by-line for ways you can be hacked. That means inputs that: - get used for database inputs and queries - get used as filenames - get used for logical control structures Here's a brief primer from someone who can explain it like a newbie, because when it comes to security, I only know so much. In other words this is a starting point, not the end-all-be-all, when it comes to web app security.


Valid HTML!Valid CSS!Powered by Node.js!Powered by Express.js!Powered by MongoDB!