Merge pull request #23 from pariazar/fix/broken-whitelist

pariazar · web-flow · commit 32ff0f08c74b · 2024-03-20T15:09:09.000-07:00
Fix/broken whitelist
diff --git a/index.js b/index.js
@@ -7,7 +7,7 @@ function middleware(
 ) {
   return (req, res, next) => {
     only.forEach((k) => {
-      if (req[k] && !whiteList.some((v) => req.url.trim().includes(v))) {
+      if (req[k] && !whiteList.some((v) => req.url.trim().startsWith(v))) {
         req[k] = sanitize.prepareSanitize(req[k], options);
       }
     });
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "perfect-express-sanitizer",
-  "version": "1.0.13",
+  "version": "1.0.14",
   "description": "a complete package to control user input data to prevent Cross Site Scripting (XSS) ,Sql injection and no Sql injection attack",
   "main": "index.js",
   "scripts": {

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ function middleware(`
`7`	`7`	`) {`
`8`	`8`	`return (req, res, next) => {`
`9`	`9`	`only.forEach((k) => {`
`10`		`- if (req[k] && !whiteList.some((v) => req.url.trim().includes(v))) {`
	`10`	`+ if (req[k] && !whiteList.some((v) => req.url.trim().startsWith(v))) {`
`11`	`11`	`req[k] = sanitize.prepareSanitize(req[k], options);`
`12`	`12`	`}`
`13`	`13`	`});`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "perfect-express-sanitizer",`
`3`		`- "version": "1.0.13",`
	`3`	`+ "version": "1.0.14",`
`4`	`4`	`"description": "a complete package to control user input data to prevent Cross Site Scripting (XSS) ,Sql injection and no Sql injection attack",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`