{"id":24780744,"url":"https://github.com/genediazjr/disinfect","last_synced_at":"2025-07-18T07:07:58.616Z","repository":{"id":8738683,"uuid":"58987806","full_name":"genediazjr/disinfect","owner":"genediazjr","description":"Request query, payload, and params sanitization for Hapi","archived":false,"fork":false,"pushed_at":"2022-11-03T05:25:53.000Z","size":131,"stargazers_count":21,"open_issues_count":0,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-05T03:26:20.333Z","etag":null,"topics":["caja","disinfect","hapi"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/genediazjr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-05-17T03:34:48.000Z","updated_at":"2023-04-01T12:09:23.000Z","dependencies_parsed_at":"2023-01-13T14:58:30.785Z","dependency_job_id":null,"html_url":"https://github.com/genediazjr/disinfect","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/genediazjr/disinfect","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genediazjr%2Fdisinfect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genediazjr%2Fdisinfect/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genediazjr%2Fdisinfect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genediazjr%2Fdisinfect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/genediazjr","download_url":"https://codeload.github.com/genediazjr/disinfect/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genediazjr%2Fdisinfect/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265716306,"owners_count":23816354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["caja","disinfect","hapi"],"created_at":"2025-01-29T10:50:40.082Z","updated_at":"2025-07-18T07:07:58.337Z","avatar_url":"https://github.com/genediazjr.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# disinfect\n[![NodeCI](https://github.com/genediazjr/disinfect/actions/workflows/nodeci.yml/badge.svg)](https://github.com/genediazjr/disinfect/actions/workflows/nodeci.yml)\n[![CodeQL](https://github.com/genediazjr/disinfect/actions/workflows/codeql.yml/badge.svg)](https://github.com/genediazjr/disinfect/actions/workflows/codeql.yml)\n[![NPM Version](https://badge.fury.io/js/disinfect.svg)](https://www.npmjs.com/disinfect)\n[![NPM Downloads](https://img.shields.io/npm/dt/disinfect.svg?maxAge=2592000)](https://www.npmjs.com/disinfect)\n[![Code Climate](https://codeclimate.com/github/genediazjr/disinfect/badges/gpa.svg)](https://codeclimate.com/github/genediazjr/disinfect)\n[![Known Vulnerabilities](https://snyk.io/test/github/genediazjr/disinfect/badge.svg)](https://snyk.io/test/github/genediazjr/disinfect)\n\nHapi plugin to apply Google's [Caja](https://github.com/google/caja) HTML Sanitizer on route query, payload, and params.\n\n* Capable for custom sanitization and per-route configuration.\n* Can also be used for input formatting using the custom sanitizer option.\n* Can be disabled per route.\n\n## Usage\n\n```js\nconst registerPlugins = async (server) =\u003e Promise.all([\n    server.register({\n        plugin: require('disinfect'),\n        options: {\n            disinfectQuery: true,\n            disinfectParams: true,\n            disinfectPayload: true\n        }\n    })\n]);\n\nregisterPlugins(server)\n    .then(() =\u003e {\n        // ...\n    })\n    .catch((err) =\u003e {\n        // ...\n    })\n\n```\n[Glue](https://github.com/hapijs/glue) manifest\n```js\nregister: {\n    plugins: [\n        {\n            plugin: require('disinfect'),\n            options: {\n                disinfectQuery: true,\n                disinfectParams: true,\n                disinfectPayload: true\n            }\n        }\n    ]\n}\n```\n\n## Options\n\n* **deleteEmpty** - remove empty query or payload keys.\n* **deleteWhitespace** - remove whitespace query, payload, or params keys.\n* **disinfectQuery** - sanitize query strings.\n* **disinfectParams** - sanitize url params.\n* **disinfectPayload** - sanitize payload.\n* **genericSanitizer** - custom synchronous function to do the sanitization of query, payload, and params.\n* **querySanitizer** - custom synchronous function to do the sanitization of query strings.\n* **paramsSanitizer** - custom synchronous function to do the sanitization of url params.\n* **payloadSanitizer** - custom synchronous function to do the sanitization of payload.\n\n`deleteEmpty` and `deleteWhitespace` defaults to `false`.\n\n`disinfectQuery`, `disinfectParams`, and `disinfectPayload` defaults to `false`. If set to true, object will be passed to `caja` first before custom sanitizers.\n\n```\ndirtyObject -\u003e`Caja` sanitizer -\u003e `genericSanitizer` -\u003e `query-`, `params-`, or `payload-` sanitizer -\u003e deleteWhitespace -\u003e deleteEmpty -\u003e cleanObject.\n```\n\n`genericSanitizer`, `querySanitizer`, `paramsSanitizer`, and `payloadSanitizer` should be in the following format:\n\n```js\nconst customSanitizer = (dirtyObj) =\u003e {\n    // ...\n    return cleanObj;\n}\n```\n\nAll options can be passed on a per-[route](http://hapijs.com/api#route-options) basis. Route options overrides server options.\n\n```js\n// example\n{\n    path: '/',\n    method: 'get',\n    handler: (request, reply) =\u003e {\n        ...\n    },\n    options: {\n        plugins: {\n            disinfect: {\n                disinfectQuery: true,\n                disinfectParams: false,\n                disinfectPayload: true\n            }\n        }\n    }\n}\n```\n\nDisable on a route.\n```js\n{\n    path: '/',\n    method: 'get',\n    handler: (request, reply) =\u003e {\n        ...\n    },\n    options: {\n        plugins: {\n            disinfect: false\n        }\n    }\n}\n```\n\n## Contributing\n* Include 100% test coverage\n* Follow the [Hapi coding conventions](http://hapijs.com/styleguide)\n* Submit an issue first for significant changes.\n\n## Credits\n* [hapi-sanitize-payload](https://github.com/lob/hapi-sanitize-payload) - Hapi plugin to sanitize the request payload\n* [Caja-HTML-Sanitizer](https://github.com/theSmaw/Caja-HTML-Sanitizer) - Bundles Google Caja's HTML Sanitizer within a npm installable node.js module\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgenediazjr%2Fdisinfect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgenediazjr%2Fdisinfect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgenediazjr%2Fdisinfect/lists"}