Parameters:
- req: Express request object containing user input to sanitize
- res: Express response object (unused)
- next: Express next function to continue middleware chain
// Usage in main application middleware stack
import express from 'express';
import { sanitizeInput } from '@/shared/middleware/security';

const app = express();
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(sanitizeInput); // Apply after body parsing so req.body is populated
Input Sanitization Middleware
Sanitizes incoming request data by removing null bytes and control characters that could be used in injection attacks or cause parsing issues. This middleware processes request body, query parameters, and URL parameters recursively, handling nested objects and arrays while preserving data structure.
The sanitization process removes characters in the range \x00-\x1F (the ASCII control characters, a range that also covers tab, newline and carriage return) and \x7F (the DEL character) from string values. This helps prevent null byte injection, control character injection, and other low-level attacks while leaving the remaining printable content and the surrounding data structure intact.
Applied early in the middleware stack after body parsing to ensure all user input is sanitized before reaching application logic or validation layers.
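The recursive strip described above, written out as an added example rather than the project's own sanitizeInput implementation. It assumes the standard Express (req, res, next) signature, sanitizes containers in place (so it also works where req.query is a read-only getter), and adds a constructed nesting-depth guard that is not mentioned on the page.

```javascript
// Control characters \x00-\x1F plus DEL (\x7F), exactly the range documented above.
// Note that \t, \n and \r fall inside this range, so multi-line text fields lose
// their line breaks; validate that this is acceptable for your fields.
const CONTROL_CHARS = /[\x00-\x1F\x7F]/g;

// Maximum recursion depth (constructed safeguard against pathological nesting).
const MAX_DEPTH = 32;

function stripControlChars(value) {
  return value.replace(CONTROL_CHARS, '');
}

// Walk a value recursively. Strings are returned sanitized; arrays and plain
// objects are mutated in place and returned, which preserves the data structure
// and avoids reassigning request properties that Express exposes as getters.
// Numbers, booleans, null and undefined pass through untouched.
function sanitizeValue(value, depth = 0) {
  if (depth > MAX_DEPTH) return value;
  if (typeof value === 'string') return stripControlChars(value);
  if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) {
      value[i] = sanitizeValue(value[i], depth + 1);
    }
    return value;
  }
  if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      value[key] = sanitizeValue(value[key], depth + 1);
    }
    return value;
  }
  return value;
}

// Express middleware: sanitize body, query and URL params, then continue.
function sanitizeInput(req, _res, next) {
  if (req.body !== undefined) req.body = sanitizeValue(req.body);
  if (req.query) sanitizeValue(req.query);
  if (req.params) sanitizeValue(req.params);
  next();
}
```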