All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
2.2.0 - 2022-01-14
- New
configoption:allowDotsboolean: if set, allows dots in the user-supplied data #41
- Prevent null pointer exception when using
dryRunoption #88
2.1.0 - 2021-05-11
- New
configoptions:onSanitizecallback: this will be called after the request's value was sanitized, with two named parameters: thekeythat was sanitized, and the rawreqobject.dryRunboolean: if set, sanitization will not take place. Useful when combined withonSanitizeto report on the keys which would have been sanitized.
- TypeScript types
- Official support for node v16.
2.0.2 - 2021-01-07
- Fixed a prototype pollution security vulnerability. #34
- Update dependencies.
2.0.1 - 2020-12-02
- Update dependencies and test against node 14.
- Use ESLint instead of JSHint for code linting.
- Use GitHub Actions for CI instead of Travis.
2.0.0 - 2020-03-25
- Support sanitization of headers. #5
Note that if you weren't previously expecting headers to be sanitized, this is considered a breaking change.
- Drop support for node versions < 10.
1.3.2 - 2017-01-12
- Fixed an issue when using the sanitizer in the node REPL. #3
1.3.1 - 2017-01-12
- Fixed an issue with objects containing prohibited keys nested inside other objects with prohibited keys. #2
- Added a more robust check for plain objects.
1.3.0 - 2016-01-15
- A new function
has, which checks whether a passed object/array contains any keys with prohibited characters.
1.2.0 - 2016-01-13
- A new option
replaceWithwhich can be used to replace offending characters in a key. This is an alternative to removing the data from the payload.
1.1.0 - 2016-01-13
- The middleware also now sanitizes keys with a
.. This is in line with Mongo's reserved operators.
Initial Release.