1. function sanitizeCollectionInput(collection, allowedMethods = [], overrides = {}) {
  2. if (!Array.isArray(collection)) {
  3. return null; // Or throw an error, depending on desired behavior
  4. }
  6. const sanitizedCollection = [...collection]; // Create a copy to avoid modifying the original
  8. for (let i = 0; i < sanitizedCollection.length; i++) {
  9. const item = sanitizedCollection[i];
  11. if (typeof item === 'object' && item !== null) {
  12. // Handle objects (dictionaries/maps)
  13. for (const key in item) {
  14. if (item.hasOwnProperty(key)) {
  15. const value = item[key];
  17. if (typeof value === 'string') {
  18. //Sanitize string values
  19. const sanitizedValue = value.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/&/g, "&amp;"); //Basic HTML entity encoding
  20. item[key] = sanitizedValue;
  21. }
  23. //Allow specific methods
  24. if (!allowedMethods.includes(key) && !overrides[key]) {
  25. delete item[key]; //Remove unknown/disallowed properties
  26. }
  27. }
  28. }
  29. }
  30. }
  32. return sanitizedCollection;
  33. }
  35. export default sanitizeCollectionInput;

Add your comment