Convert url query string to MongooseJs friendly query object including advanced filtering, sorting, population, string template, type casting and many more...
MIT License
Blacklist not working in JSON filter parameter #16
Good afternoon @leodinas-hao,
I've been using mongoose-query-parser in a project and I've detected that advanced filters passed in the corresponding JSON filter query parameter don't go through the blacklist excluding filter. As a result, you end up having blacklisted keys in the resulting query.
I think it would be a great feature, because several security issues arise when this is overlooked.
Thank you and keep up the good work!
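A defensive post-processing step for the behaviour reported above, as an added example that is not part of the issue or of mongoose-query-parser: it walks an already-parsed filter object and removes blacklisted field names at any depth, including inside `$or`/`$and` clauses and dotted sub-paths. `sanitizeFilter`, the blacklist entries and the sample JSON are constructed for illustration.

```javascript
// Added example, not mongoose-query-parser code. All names are hypothetical.
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Remove blacklisted field names from a parsed filter at any depth.
// Returns the cleaned filter plus the paths removed, so the caller can
// either run the cleaned filter or reject the request.
function sanitizeFilter(filter, blacklist) {
  const banned = new Set(blacklist);
  const removed = [];

  function walk(node, path) {
    if (Array.isArray(node)) {
      // Arrays sit under $and / $or / $nor / $in. Clean every element and
      // drop clauses that became empty because of the cleaning.
      return node
        .map((item, i) => walk(item, `${path}[${i}]`))
        .filter((item, i) => !(isPlainObject(item) &&
          Object.keys(item).length === 0 && Object.keys(node[i]).length > 0));
    }
    if (!isPlainObject(node)) return node; // string, number, boolean, null
    const out = {};
    for (const [key, value] of Object.entries(node)) {
      const here = path ? `${path}.${key}` : key;
      // "secret.token" addresses a sub-field of "secret": test the root too.
      if (banned.has(key) || banned.has(key.split('.')[0])) {
        removed.push(here);
        continue;
      }
      const cleaned = walk(value, here);
      // MongoDB rejects an empty $and/$or/$nor array, so when every clause
      // was removed the operator itself is dropped.
      if (Array.isArray(value) && value.length > 0 && cleaned.length === 0) continue;
      out[key] = cleaned;
    }
    return out;
  }

  return { filter: walk(filter, ''), removed };
}

// Constructed sample: JSON as it could arrive in the `filter` parameter.
const sampleFilter = JSON.parse('{"$or":[{"password":{"$regex":"^a"}},{"name":"bob"}],' +
  '"$and":[{"secret.token":{"$exists":true}}],"age":{"$gt":18}}');
const result = sanitizeFilter(sampleFilter, ['password', 'secret']);
console.log(JSON.stringify(result));
```

Removing the only condition leaves an empty filter, which matches every document, so rejecting the request whenever `removed` is non-empty is the stricter choice.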