@@ -26,7 +26,7 @@ describe('Express Mongo Sanitize', function() {
2626 describe ( 'Top-level object' , function ( ) {
2727 it ( 'should sanitize the query string' , function ( done ) {
2828 request ( app )
29- . get ( '/query?q=search&$where=malicious' )
29+ . get ( '/query?q=search&$where=malicious&dotted.data=some_data ' )
3030 . set ( 'Accept' , 'application/json' )
3131 . expect ( 200 , {
3232 query : {
@@ -44,7 +44,8 @@ describe('Express Mongo Sanitize', function() {
4444 and : 1 ,
4545 even : null ,
4646 stop : undefined ,
47- $where : 'malicious'
47+ $where : 'malicious' ,
48+ 'dotted.data' : 'some_data'
4849 } )
4950 . set ( 'Content-Type' , 'application/json' )
5051 . set ( 'Accept' , 'application/json' )
@@ -61,7 +62,7 @@ describe('Express Mongo Sanitize', function() {
6162 it ( 'should sanitize a form url-encoded body' , function ( done ) {
6263 request ( app )
6364 . post ( '/body' )
64- . send ( 'q=search&$where=malicious' )
65+ . send ( 'q=search&$where=malicious&dotted.data=some_data ' )
6566 . set ( 'Content-Type' , 'application/x-www-form-urlencoded' )
6667 . set ( 'Accept' , 'application/json' )
6768 . expect ( 200 , {
@@ -75,7 +76,7 @@ describe('Express Mongo Sanitize', function() {
7576 describe ( 'Nested Object' , function ( ) {
7677 it ( 'should sanitize a nested object in the query string' , function ( done ) {
7778 request ( app )
78- . get ( '/query?username[$gt]=' )
79+ . get ( '/query?username[$gt]=foo&username[dotted.data]=some_data ' )
7980 . set ( 'Accept' , 'application/json' )
8081 . expect ( 200 , {
8182 query : {
@@ -88,7 +89,10 @@ describe('Express Mongo Sanitize', function() {
8889 request ( app )
8990 . post ( '/body' )
9091 . send ( {
91- username : { $gt : '' }
92+ username : {
93+ $gt : 'foo' ,
94+ 'dotted.data' : 'some_data'
95+ }
9296 } )
9397 . set ( 'Content-Type' , 'application/json' )
9498 . set ( 'Accept' , 'application/json' )
@@ -102,7 +106,7 @@ describe('Express Mongo Sanitize', function() {
102106 it ( 'should sanitize a nested object in a form url-encoded body' , function ( done ) {
103107 request ( app )
104108 . post ( '/body' )
105- . send ( 'username[$gt]=' )
109+ . send ( 'username[$gt]=foo&username[dotted.data]=some_data ' )
106110 . set ( 'Content-Type' , 'application/x-www-form-urlencoded' )
107111 . set ( 'Accept' , 'application/json' )
108112 . expect ( 200 , {
@@ -116,7 +120,7 @@ describe('Express Mongo Sanitize', function() {
116120 describe ( 'Nested Object inside an Array' , function ( ) {
117121 it ( 'should sanitize a nested object in the query string' , function ( done ) {
118122 request ( app )
119- . get ( '/query?username[0][$gt]=' )
123+ . get ( '/query?username[0][$gt]=foo&username[0][dotted.data]=some_data ' )
120124 . set ( 'Accept' , 'application/json' )
121125 . expect ( 200 , {
122126 query : {
@@ -129,7 +133,10 @@ describe('Express Mongo Sanitize', function() {
129133 request ( app )
130134 . post ( '/body' )
131135 . send ( {
132- username : [ { $gt : '' } ]
136+ username : [ {
137+ $gt : 'foo' ,
138+ 'dotted.data' : 'some_data'
139+ } ]
133140 } )
134141 . set ( 'Content-Type' , 'application/json' )
135142 . set ( 'Accept' , 'application/json' )
@@ -143,7 +150,7 @@ describe('Express Mongo Sanitize', function() {
143150 it ( 'should sanitize a nested object in a form url-encoded body' , function ( done ) {
144151 request ( app )
145152 . post ( '/body' )
146- . send ( 'username[0][$gt]=' )
153+ . send ( 'username[0][$gt]=foo&username[0][dotted.data]=some_data ' )
147154 . set ( 'Content-Type' , 'application/x-www-form-urlencoded' )
148155 . set ( 'Accept' , 'application/json' )
149156 . expect ( 200 , {
0 commit comments