Skip to content

Add input sanitization middleware to prevent stored XSS attacks#577

Open
ramya2006sri wants to merge 2 commits into
niharika-mente:mainfrom
ramya2006sri:security/input-sanitization-clean
Open

Add input sanitization middleware to prevent stored XSS attacks#577
ramya2006sri wants to merge 2 commits into
niharika-mente:mainfrom
ramya2006sri:security/input-sanitization-clean

Conversation

@ramya2006sri

Copy link
Copy Markdown
Contributor

Description

This PR adds centralized input sanitization middleware to help prevent stored XSS attacks by sanitizing user-provided text before it is stored in the database.

Changes Made

  • Added a reusable sanitizeInput middleware using sanitize-html.
  • Applied sanitization to product creation and update endpoints.
  • Applied sanitization to review creation and update endpoints.
  • Applied sanitization to user registration.
  • Applied sanitization to newsletter subscription.
  • Added the required sanitize-html dependency.

Security Impact

Previously, user-supplied text fields were stored without sanitization, which could lead to stored XSS if the data is later rendered by API consumers, admin dashboards, or future server-side rendered clients.

This change sanitizes incoming text input by removing HTML tags and attributes before persistence while preserving the existing API behavior.

Type of Change

  • Security improvement
  • Bug fix (non-breaking change)

Testing

  • Verified middleware integration on the updated routes.
  • Confirmed backend compiles after the changes.
  • No breaking changes to existing API endpoints.

Closes #325

@vercel

vercel Bot commented Jul 8, 2026

Copy link
Copy Markdown

@ramya2006sri is attempting to deploy a commit to the niharika-mente's projects Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Security: Add input sanitization middleware to prevent stored XSS attacks

1 participant