Web forms present a security vulnerability on websites where hackers can potentially interact with a database. A seemingly harmless form or URL parameters can be a place for hackers to inject malicious code to a server.
One method of preventing SQL injection is to sanitize inputs. Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs before using them.
validator.js is a library of string validators and sanitizers that can be used server-side with Node.js.
validator.js can be used to validate forms and sanitize inputs before using a form value in the application code.
Note that there is a package named
express-validator that wraps
validator.js functions for use in
In the next exercises, we’ll differentiate between input validation and input cleaning. We’ll apply these techniques on a simple web app.
require() function to include the
validator package in app.js in a variable named
Press the Check Work button to check your work.