I will discuss here how to sanitizes user-supplied data. Without below mentioned sanitization, malicious users can send malicious data which can crash/harm our Application and malicious users can stole confidential data.
<h3 id="heading-sanitization">Sanitization-</h3>
<ol>
<li>MongoDB Operator Injection</li>
</ol>
2. Sanitize user input coming from POST body, GET queries, and url params
<blockquote>
MongoDB Operator Injection- Object keys starting with a $ or containing a . are reserved for use by MongoDB as operators. Without this sanitization, malicious users could send an object containing a $ operator, or including a . and can stole confidential data. So to prevent it, follow below mentioned steps
</blockquote>
<ol>
<li>Install- npm install express-mongo-sanitize</li>
<li>Get reference in app/index.js file, Then use it as middleware, Just place after Body parser middleware</li>
</ol>
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1639214297964/Wlo7S6Nd3.png" alt />
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1639214299831/zfkNtPIrK.png" alt />
<blockquote>
Sanitize user input coming from POST body, GET queries, and url params-
</blockquote>
<ol>
<li>Install- npm install xss-clean — save</li>
<li>Get reference in app/index.js file, Then use it as middleware, Just place after mongoSanitize middleware</li>
</ol>
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1639214301702/S_nXb05is.png" alt />
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1639214303253/i2uZ2u0My.png" alt />
Now your Node App is Safe from MongoDB Operator Injection, and user supplied data is also clean. Happy Coding…

I will discuss here how to sanitizes user-supplied data. Without below mentioned sanitization, malicious users can send malicious data which can crash/harm our Application and malicious users can stole confidential data.

### Sanitization-

1.  MongoDB Operator Injection

2\. Sanitize user input coming from POST body, GET queries, and url params

> **MongoDB Operator Injection-** Object keys starting with a $ or containing a . are reserved for use by MongoDB as operators. Without this sanitization, malicious users could send an object containing a $ operator, or including a . and can stole confidential data. So to prevent it, follow below mentioned steps

1.  Install**\-** ***npm install express-mongo-sanitize***
2.  Get reference in app/index.js file, Then use it as middleware, Just place after ***Body parser*** *middleware*

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1639214297964/Wlo7S6Nd3.png)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1639214299831/zfkNtPIrK.png)

> **Sanitize user input coming from POST body, GET queries, and url params-**

1.  Install**\-** **npm install xss-clean — save**
2.  Get reference in app/index.js file, Then use it as middleware, Just place after **mongoSanitize** *middleware*

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1639214301702/S_nXb05is.png)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1639214303253/i2uZ2u0My.png)

Now your Node App is Safe from MongoDB Operator Injection, and user supplied data is also clean. Happy Coding…

MongoDB/MongoDB Operator Injection, MongoDB Operator Injection,  Data sanitization Node.JS

MongoDB Operator Injection,  Data sanitization Node.JS

Data sanitization Node.JS( MongoDB/MongoDB Operator Injection)

angular, react, javascript, react-native, html, css, vue, node, mongodb