Closed void5253 closed 2 months ago
By default, keys are not sanitized. However, if you want to sanitize keys, you can use the sanitizeKeys option available in version 2.0.2 or later.
app.use(
sanitizer.clean({
xss: true,
noSql: true,
noSqlLevel: 5,
sanitizeKeys: true,
})
);
I have a collection of mongodb users, and a '/login' route.
If I send a request with body:
I'm expecting middleware to sanitize request to stop nosql injection. But, the request succeeds and I'm able to login even though I expect the middleware to stop this.