Inline query sanitizer

2019-05-18 21:58:07 -07:00 · 2019-05-18 21:58:07 -07:00 · 397a9f8915
parent e8ea13c809
commit 397a9f8915
1 changed files with 9 additions and 12 deletions
--- a/modules/middleware/validateQuery.js
+++ b/modules/middleware/validateQuery.js
@ -10,22 +10,19 @@ function isKnownQueryParam(param) {
  return !!knownQueryParams[param];
 }

-function sanitizeQuery(originalQuery) {
-  const query = {};
-
-  Object.keys(originalQuery).forEach(param => {
-    if (isKnownQueryParam(param)) query[param] = originalQuery[param];
-  });
-
-  return query;
-}
-
 /**
 * Reject URLs with invalid query parameters to increase cache hit rates.
 */
 export default function validateQuery(req, res, next) {
-  if (!Object.keys(req.query).every(isKnownQueryParam)) {
-    return res.redirect(302, req.path + createSearch(sanitizeQuery(req.query)));
+  const keys = Object.keys(req.query);
+
+  if (!keys.every(isKnownQueryParam)) {
+    const newQuery = keys.filter(isKnownQueryParam).reduce((query, key) => {
+      query[key] = req.query[key];
+      return query;
+    }, {});
+
+    return res.redirect(302, req.path + createSearch(newQuery));
  }

  next();