Node Security by Dominic Barnes

Input validation

When protecting against many attack vectors, such as XSS (which we will deal with in the next chapter), it is important to filter and sanitize your inputs as you receive them from the user. This occurs during the request phase of a web application, so we will address it here. The general rule of thumb is to always validate inputs and escape outputs.

A popular library for validating user input is node-validator (https://github.com/chriso/node-validator). This library is by no means the only option, but it is the one we will be using in our examples.

Input validation has several goals, the first of which is to verify that incoming user input matches the criteria of our application and its workflow; for example, you may want to ...
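
The rule of thumb above (validate inputs, escape outputs), as an added example that is not from the book. It uses plain JavaScript rather than node-validator so that it runs without dependencies; the sign-up field names, the rules and the sample request bodies are assumptions constructed for illustration.

```javascript
// Allowlist rules for a hypothetical sign-up form (field names are assumptions).
// Each rule returns true, or a message saying what the field must look like.
const rules = {
  username: v => /^[A-Za-z0-9_]{3,20}$/.test(v) || 'must be 3-20 letters, digits or underscores',
  email: v => (/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v) && v.length <= 254) || 'must be an email address',
  age: v => (/^\d{1,3}$/.test(v) && +v >= 13 && +v <= 120) || 'must be a whole number from 13 to 120',
};

// Validate on input. Only fields named in `rules` are copied to `values`,
// so unexpected parameters never reach application code.
function validateInput(body) {
  const errors = {};
  const values = {};
  for (const [field, check] of Object.entries(rules)) {
    const raw = body[field];
    // Body parsers can turn repeated or bracketed parameters into arrays or objects.
    if (typeof raw !== 'string') { errors[field] = 'must be a single text value'; continue; }
    const result = check(raw.trim());
    if (result === true) values[field] = raw.trim();
    else errors[field] = result;
  }
  return { ok: Object.keys(errors).length === 0, errors, values };
}

// Escape on output: neutralise the characters that are special in HTML text
// and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Redisplaying a rejected value in the form is output, so it is escaped too.
function renderField(name, raw, error) {
  const note = error ? `<span class="error">${escapeHtml(name)} ${escapeHtml(error)}</span>` : '';
  return `<input name="${escapeHtml(name)}" value="${escapeHtml(raw)}">${note}`;
}

// Constructed sample request bodies.
const good = { username: 'alice_01', email: 'alice@example.com', age: '30', role: 'admin' };
const bad = { username: '"><b>bob</b>', email: 'nope', age: ['30'] };

console.log(validateInput(good));
const rejected = validateInput(bad);
console.log(rejected.errors);
console.log(renderField('username', bad.username, rejected.errors.username));
```

The undeclared `role` field in the first body is dropped rather than rejected, and the rejected username is only ever written back to the page through `escapeHtml`.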
