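--- a/[path not shown] file 1
+++ b/[path not shown] file 1
@@ -11,9 +11,9 @@ var withEach = function(target, cb) {
 } else if ( obj instanceof Object ) {
 Object . keys ( obj ) . forEach ( function ( key ) {
 var val = obj [ key ] ;
-var shouldRecurse = cb ( obj , val , key ) ;
-if ( shouldRecurse ) {
-act ( obj [ key ] ) ;
+var resp = cb ( obj , val , key ) ;
+if ( resp . shouldRecurse ) {
+act ( obj [ resp . key || key ] ) ;
 }
 } ) ;
 }
@@ -27,9 +27,9 @@ var has = function(target) {
 withEach ( target , function ( obj , val , key ) {
 if ( TEST_REGEX . test ( key ) ) {
 hasProhibited = true ;
-return false ;
+return { shouldRecurse : false } ;
 } else {
-return true ;
+return { shouldRecurse : true } ;
 }
 } ) ;
 
@@ -50,13 +50,17 @@ var sanitize = function(target, options) {
 if ( TEST_REGEX . test ( key ) ) {
 delete obj [ key ] ;
 if ( replaceWith ) {
-obj [ key . replace ( REPLACE_REGEX , replaceWith ) ] = val ;
+key = key . replace ( REPLACE_REGEX , replaceWith ) ;
+obj [ key ] = val ;
 } else {
 shouldRecurse = false ;
 }
 }
 
-return shouldRecurse ;
+return {
+shouldRecurse : shouldRecurse ,
+key : key
+} ;
 } ) ;
 
 return target ;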
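Review bot: `resp.shouldRecurse` in the withEach hunk throws a TypeError if a callback returns a bare boolean or nothing, where the old code treated that as "do not recurse"; both callers in this file now return objects, but the new callback contract is not documented anywhere. A header comment above withEach such as `// cb returns { shouldRecurse: boolean, key?: string }; key names the renamed property to descend into` would pin it, and `if (resp && resp.shouldRecurse)` keeps the old tolerance. In the sanitize hunk, the new `obj[key] = val` silently overwrites a sibling property whose name already equals the sanitized key (for example `$gt` next to an existing `_gt`), and reassigning the callback parameter `key` hides that the original name is lost; `var newKey = key.replace(REPLACE_REGEX, replaceWith);` with `key: newKey` in the returned object reads more clearly. The enclosing functions withEach, has and sanitize each begin outside their hunk.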
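--- a/[path not shown] file 2
+++ b/[path not shown] file 2
@@ -345,6 +345,33 @@ describe('Express Mongo Sanitize', function() {
 } , done ) ;
 } ) ;
 } ) ;
+
+describe ( 'Nested Object inside one with prohibited chars' , function ( ) {
+it ( 'should sanitize a nested object inside one with prohibited chars in a JSON body' , function ( done ) {
+request ( app )
+. post ( '/body' )
+. send ( {
+username : {
+$gt : 'foo' ,
+'dotted.data' : {
+'more.dotted.data' : 'some_data'
+}
+}
+} )
+. set ( 'Content-Type' , 'application/json' )
+. set ( 'Accept' , 'application/json' )
+. expect ( 200 , {
+body : {
+username : {
+_gt : 'foo' ,
+dotted_data : {
+'more_dotted_data' : 'some_data'
+}
+}
+}
+} , done ) ;
+} ) ;
+} ) ;
 } ) ;
 
 describe ( 'Preserve Data: prohibited characters' , function ( ) {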