Web forms can expose a website to attack when the data they collect reaches a database. A seemingly harmless form field or URL parameter can be a place for hackers to inject malicious code into a server.
One method of preventing SQL injection is to sanitize inputs. Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs before using them.
validator.js is a library of string validators and sanitizers that can be used server-side with Node.js. validator.js can be used to validate forms and sanitize inputs before using a form value in the application code.
Note that there is a package named express-validator that wraps validator.js functions for use in express applications.
In the next exercises, we’ll differentiate between input validation and input cleaning. We’ll apply these techniques on a simple web app.
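The difference between validating and cleaning input, as an added example that is not part of the original lesson and does not use validator.js: it is plain Node.js so it runs without installing anything. The function names, field names and limits are assumptions made for illustration.

```javascript
// Added example: plain Node.js, no packages. All names and limits are assumed.

// Validation answers "is this value acceptable?" and never changes the value.
function isValidUserId(value) {
  // Allow-list: a positive integer of 1 to 9 decimal digits, nothing else.
  return typeof value === 'string' && /^[1-9][0-9]{0,8}$/.test(value);
}

function isValidEmail(value) {
  // Simple shape check: one "@", no whitespace, a dot in the domain part.
  return typeof value === 'string' &&
    value.length <= 254 &&
    /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value);
}

// Cleaning (sanitization) returns a modified copy of the value.
function cleanDisplayName(value) {
  return String(value ?? '')
    .replace(/[\x00-\x1F\x7F]/g, '') // drop control characters
    .trim()
    .slice(0, 64); // cap the stored length
}

// Clean what may be cleaned, validate everything, reject on any failure.
function processForm(form) {
  const email = String(form.email ?? '').trim();
  const name = cleanDisplayName(form.name);
  const errors = [];
  if (!isValidUserId(form.id)) errors.push('id');
  if (!isValidEmail(email)) errors.push('email');
  if (name.length === 0) errors.push('name');
  if (errors.length > 0) return { ok: false, errors, values: null };
  return { ok: true, errors, values: { id: Number(form.id), email, name } };
}

// Constructed sample submissions (not real data).
const samples = [
  { id: '42', email: ' alice@example.com ', name: '  Alice\u0000 Smith ' },
  { id: '1 OR 1=1', email: 'not-an-email', name: 'Bob' },
];
for (const sample of samples) {
  console.log(JSON.stringify(processForm(sample)));
}
```

The first submission is accepted after its name and email are cleaned; the second is rejected outright because its id and email fail validation, and nothing from it is passed on.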
Instructions
Use the require() function to include the validator package in app.js in a variable named validator.
Press the Check Work button to check your work.