If I have a route in Express with route parameters which are used to query my database, do I need to sanitize this parameter before using it?
CodePudding user response:
What you do and don't need to sanitize is entirely dependent upon what you're doing with it.
The content in a route parameter comes entirely from the user, so it can be anything that is allowed in a URL and matches your route parameter. That means there are possibilities that something harmful could be injected within that. But, again, whether harm is actually possible or not depends on the exact code you're using. If you were injecting this user content into a SQL statement, then there are all sorts of bad things it could do. If you were just using it as a programmable query argument in a specific database API, there may be no harm.
So, there is no general purpose answer that applies to all possible uses of the data. It depends on the exact code you're using it in.
If in doubt, sanitize and validate the user input before using it.