sbqq

Reputation: 1091

Nest.js - Sanitize request body

I would like to ask you if nestjs provides some kind of request body escaping to prevent XSS attacks.

If it doesn't, is there any "best-practice" to achieve this kind of protection?

Thanks!

Upvotes: 4

Views: 9437

Answers (2)

João Silva

Reputation: 167

You need to use class-sanitizer and apply sanitize(payload)

Upvotes: 0

arceliver

Reputation: 356

Yes, you can use an interceptor to serialize the data in and out of your API.

https://docs.nestjs.com/techniques/serialization

And you can use a Sanitize Pipe, just to clean some garbage that comes with your request body based on your parameter type.

import { ArgumentMetadata, Injectable, PipeTransform } from '@nestjs/common';
import { plainToClass } from 'class-transformer';

@Injectable()
export class SanitizePipe implements PipeTransform {

    // className is the DTO class whose @Expose()'d properties are kept
    constructor(private readonly className: any) {}

    transform(value: any, metadata: ArgumentMetadata) {
        // excludeExtraneousValues drops every property the DTO does not expose
        return plainToClass(this.className, value, { excludeExtraneousValues: true });
    }
}

and you can apply this pipe running as a decorator on your controller:

@UsePipes(new SanitizePipe(CreateUserDTO))

Hope it helps.

Upvotes: 5
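The following is an added example, not code from the answer above or from NestJS: a dependency-free stand-in for what the SanitizePipe does with `plainToClass(..., { excludeExtraneousValues: true })`, so it can run without `@nestjs/common` or `class-transformer`. The `CreateUserDtoFields` table is a hypothetical description of a DTO's exposed fields; the primitive-type check goes beyond what `plainToClass` does on its own, and the `escapeHtml` step shows where the XSS protection the question asks about actually has to happen: the pipe keeps or drops whole fields, it does not neutralise markup inside an accepted string.

```typescript
type FieldType = "string" | "number" | "boolean";

// Hypothetical stand-in for the @Expose()'d properties of CreateUserDTO.
const CreateUserDtoFields: Record<string, FieldType> = {
  username: "string",
  email: "string",
  age: "number",
};

// Keep only declared fields (what excludeExtraneousValues does) and, as an
// addition to the page's pipe, only values of the declared primitive type.
function sanitizeBody(
  body: unknown,
  fields: Record<string, FieldType>,
): Record<string, string | number | boolean> {
  const out: Record<string, string | number | boolean> = {};
  if (typeof body !== "object" || body === null) return out;
  const src = body as Record<string, unknown>;
  for (const [name, type] of Object.entries(fields)) {
    // Own properties only, so prototype keys never reach the DTO.
    if (!Object.prototype.hasOwnProperty.call(src, name)) continue;
    const v = src[name];
    if (typeof v === type) out[name] = v as string | number | boolean;
  }
  return out;
}

// Output-side encoding: markup the input pipe leaves intact is escaped here,
// at the point where the value is rendered into HTML.
const htmlEscapes: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(s: string): string {
  return s.replace(/[&<>"']/g, (c) => htmlEscapes[c]);
}

// Constructed request body: an extraneous key (isAdmin), a wrong-typed key
// (age sent as a string) and a username that contains markup.
const constructedBody = {
  username: "<script>x</script>",
  email: "u@example.com",
  age: "42",
  isAdmin: true,
};

const cleaned = sanitizeBody(constructedBody, CreateUserDtoFields);
// cleaned = { username: "<script>x</script>", email: "u@example.com" }
// isAdmin and age are gone, the markup is not: it is escaped only on output.
const rendered = escapeHtml(cleaned.username as string);
```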
