
Secure your JSON response with walter-whitelist.
Jan 10, 2016


My friend @andrenarchy from @paperhive recently released his new JavaScript library, walter-whitelist.

walter-whitelist allows you to validate (and filter) your incoming and outgoing JSON objects. You can define the fields that are allowed for your object and decide what to do in case of discrepancies.

Let me show you how it works:

const whitelist = require('walter-whitelist');

// Let's imagine we have a bidding site. A user can answer a question.
// The answer is a number that must be as close as possible to
// the real numerical answer.
// From our database connector we get the resulting database row
// including all information: the question, the exact answer, the creator,
// time of creation, etc.

// Case 1: Use walter-whitelist to ensure we only pass legit information.
let dbresult = { question: 'How old is @basicinside', answer: 30, creator: '...' };
let allowed = { question: true }; // We only want to expose the question
let result = whitelist(dbresult, allowed);

// This throws a WhitelistError. Whoever implemented the code retrieving the
// database result selected too much information. This should not happen.

// Case 2: Use walter-whitelist to ensure we only pass legit information,
// but filter the output instead of throwing an error.
dbresult = { question: 'How old is @basicinside', answer: 30, creator: '...' };
allowed = { question: true }; // We only want to expose the question
result = whitelist(dbresult, allowed, {omitDisallowed: true});

// This returns only the allowed key + value pairs:
// result = { question: 'How old is @basicinside' }

And the best thing is that it works recursively. Try it out!
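To make the recursive behaviour and the two modes (throw vs. filter) concrete, here is a small self-contained sketch of the idea. It is an added example, not walter-whitelist's code or API: `filterAllowed`, `AllowlistError`, the nested spec format and the sample row are assumptions made for illustration.

```javascript
// Added sketch, NOT walter-whitelist's code: filterAllowed, AllowlistError and
// the nested spec format are assumptions made for this illustration.
class AllowlistError extends Error {
  constructor(path) {
    super(`field not allowed: ${path}`);
    this.name = 'AllowlistError';
    this.path = path;
  }
}

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// spec: `true` allows a value as-is; a nested object lists allowed sub-fields.
function filterAllowed(src, spec, { omitDisallowed = false } = {}, path = '') {
  if (spec === true) return src;
  if (Array.isArray(src)) {
    // Apply the same spec to every element of an array.
    return src.map((item, i) =>
      filterAllowed(item, spec, { omitDisallowed }, `${path}[${i}]`));
  }
  // A shape mismatch (e.g. a string where an object is expected) fails closed.
  if (!isPlainObject(src) || !isPlainObject(spec)) {
    throw new AllowlistError(path || '(root)');
  }
  const out = {};
  for (const key of Object.keys(src)) {
    const here = path ? `${path}.${key}` : key;
    // Only own keys of the spec count, so '__proto__' and friends never pass.
    if (!Object.prototype.hasOwnProperty.call(spec, key) || !spec[key]) {
      if (omitDisallowed) continue;   // filter mode: drop the field
      throw new AllowlistError(here); // strict mode: refuse to respond
    }
    out[key] = filterAllowed(src[key], spec[key], { omitDisallowed }, here);
  }
  return out;
}

// Constructed sample row: a nested creator record with fields that must not leak.
const row = {
  question: 'How old is @basicinside',
  answer: 30,
  creator: { name: 'alice', email: 'alice@example.org', passwordHash: '(constructed)' },
};
const allowed = { question: true, creator: { name: true } };
console.log(filterAllowed(row, allowed, { omitDisallowed: true }));
```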

You can install it using npm as usual:

npm install walter-whitelist

Please also check the GitHub page of walter-whitelist. It contains additional documentation and use cases.