Skip to content

Add XSS sanitizer middleware to Express instance#877

Merged
LaGodxy merged 6 commits into
StarkMindsHQ:mainfrom
Biokes:main
Apr 29, 2026
Merged

Add XSS sanitizer middleware to Express instance#877
LaGodxy merged 6 commits into
StarkMindsHQ:mainfrom
Biokes:main

Conversation

@Biokes

@Biokes Biokes commented Apr 27, 2026

Copy link
Copy Markdown
  • add global XSS sanitization middleware that cleans request body, query, and params
  • wire the middleware in main.ts after body parsers to ensure all inputs are sanitized before controllers run

Closes #822

Copilot AI review requested due to automatic review settings April 27, 2026 07:02
@drips-wave

drips-wave Bot commented Apr 27, 2026

Copy link
Copy Markdown

@Biokes Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a global XSS sanitization layer to the NestJS/Express request pipeline to sanitize inbound request data before it reaches controllers, addressing Issue #822.

Changes:

  • Introduces xssSanitizerMiddleware to sanitize req.body, req.query, and req.params recursively.
  • Wires the sanitizer into the Express instance in src/main.ts after the JSON/urlencoded body parsers.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
src/main.ts Registers the new sanitizer middleware in the global Express middleware chain.
src/common/middleware/xss-sanitizer.middleware.ts Implements recursive sanitization using the xss library for strings, arrays, and plain objects.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/common/middleware/xss-sanitizer.middleware.ts Outdated
Comment thread src/main.ts
Comment on lines 47 to 51
const expressInstance = httpAdapter.getInstance();
expressInstance.use(expressInstance.json({ limit: maxRequestSize }));
expressInstance.use(expressInstance.urlencoded({ limit: maxRequestSize, extended: true }));
expressInstance.use(xssSanitizerMiddleware);

Comment thread src/common/middleware/xss-sanitizer.middleware.ts
@LaGodxy

LaGodxy commented Apr 27, 2026

Copy link
Copy Markdown
Contributor

@Biokes fix the CI.

@Biokes

Biokes commented Apr 27, 2026

Copy link
Copy Markdown
Author

@Biokes fix the CI.

fixed

@LaGodxy

LaGodxy commented Apr 27, 2026

Copy link
Copy Markdown
Contributor

@Biokes

@LaGodxy

LaGodxy commented Apr 28, 2026

Copy link
Copy Markdown
Contributor

@Biokes please fix the CI

@LaGodxy LaGodxy merged commit 984c168 into StarkMindsHQ:main Apr 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add Input Sanitization

3 participants