Overview
The Text Shield node sanitizes input text to prevent malicious code injection, covering HTML and JavaScript and, optionally, SQL injection patterns. It is useful where user-generated content or external data must be cleaned before further processing or storage, such as in web applications, data pipelines, or automation workflows. For example, it can remove harmful scripts from user comments or strip SQL injection patterns from text before it is stored.
Use Case Examples
- Sanitizing user input in a web form to prevent XSS attacks.
- Cleaning text data before storing it in a database to avoid SQL injection.
Properties
| Name | Meaning |
|---|---|
| Text to Sanitize | The input text that needs to be sanitized to remove potentially harmful code. |
| Output Field Name | The name of the new field in the output JSON where the sanitized text will be stored. |
| Sanitize SQL | A boolean flag indicating whether to additionally sanitize the text against SQL injection patterns after HTML sanitization. |
Output
JSON
- The sanitized text after HTML and optional SQL sanitization, stored in the field named by 'Output Field Name'.
Dependencies
- dompurify (for HTML sanitization)
- jsdom (to create a DOM environment for dompurify)
Troubleshooting
- If the input text is not sanitized as expected, ensure the 'Text to Sanitize' property is correctly set and contains the text to be cleaned.
- If SQL sanitization is enabled but some SQL injection patterns still appear, verify the input text format and consider additional custom sanitization rules.
- Errors during execution may be caught and returned in the output JSON under an 'error' field if 'Continue On Fail' is enabled.
Links
- DOMPurify GitHub - Library used for HTML sanitization to prevent XSS attacks.
- jsdom GitHub - Library used to create a DOM environment in Node.js for DOMPurify to work.