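"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; };
exports.__esModule = true;
exports.RequestSanitizerMiddleware = void 0;
var common_1 = require("@nestjs/common");
/**
 * Upper bound on how deep sanitizeObject() descends into nested objects/arrays.
 * Unbounded recursion lets a deeply nested JSON body exhaust the call stack;
 * the depth cap turns that into a deterministic, early error instead.
 * NOTE(review): 32 is a constructed default, not taken from the project -
 * tune it to the deepest payload the API legitimately accepts.
 */
var MAX_SANITIZE_DEPTH = 32;
/**
 * Blacklist-based request "sanitizer": rewrites string values found in
 * req.headers, req.query and req.body in place, stripping HTML tags (except
 * <b>/<i>), HTML comments, "javascript:" URL schemes and inline event-handler
 * attributes, and doubling single quotes.
 *
 * This is best-effort input filtering, not an HTML parser and not an SQL
 * escaper: it does not replace context-aware output encoding on render or
 * parameterized queries / ORM bindings on the data layer. It mutates request
 * objects shared with every downstream handler, and because headers are
 * rewritten too, header values that legitimately contain quotes or angle
 * brackets may be altered - whether that is acceptable depends on the API
 * (NOTE(review): confirm against the routes behind this middleware).
 */
var RequestSanitizerMiddleware = /** @class */ (function () {
    function RequestSanitizerMiddleware() { }
    /**
     * Express/Nest middleware entry point.
     * @param req incoming request; headers, query and body are rewritten in place
     * @param res unused, kept for the middleware signature
     * @param next continuation, called once sanitizing has finished
     * @throws {BadRequestException} when a payload is nested deeper than MAX_SANITIZE_DEPTH
     */
    RequestSanitizerMiddleware.prototype.use = function (req, res, next) {
        try {
            if (req.headers) { this.sanitizeObject(req.headers); }
            if (req.query) { this.sanitizeObject(req.query); }
            // A text body parser yields a string here. Object.keys() on a string
            // primitive followed by indexed assignment throws a TypeError in strict
            // mode, so the string case is handled directly instead of recursed into.
            if (typeof req.body === 'string') {
                req.body = this.sanitizeString(req.body);
            } else if (req.body) {
                this.sanitizeObject(req.body);
            }
        } catch (err) {
            // Over-deep client input is a 400, not a 500; anything else propagates unchanged.
            if (err instanceof RangeError) {
                throw new common_1.BadRequestException('Request payload is nested too deeply');
            }
            throw err;
        }
        next();
    };
    /**
     * Recursively sanitizes every own enumerable string value of obj in place.
     * Non-object inputs are ignored; arrays are traversed like objects.
     * @param obj object or array to rewrite
     * @param depth current nesting level (internal; callers omit it)
     * @throws {RangeError} when nesting exceeds MAX_SANITIZE_DEPTH. Rejecting
     *   rather than silently stopping keeps a deeply nested value from
     *   passing through unsanitized.
     */
    RequestSanitizerMiddleware.prototype.sanitizeObject = function (obj, depth) {
        var _this = this;
        if (depth === void 0) { depth = 0; }
        if (typeof obj !== 'object' || obj === null) { return; }
        if (depth > MAX_SANITIZE_DEPTH) {
            throw new RangeError('Object nesting exceeds MAX_SANITIZE_DEPTH');
        }
        // Own enumerable keys only, so inherited properties are never touched;
        // values are rewritten in place to keep object identity for downstream handlers.
        Object.keys(obj).forEach(function (key) {
            var value = obj[key];
            if (typeof value === 'string') {
                obj[key] = _this.sanitizeString(value);
            } else if (typeof value === 'object' && value !== null) {
                _this.sanitizeObject(value, depth + 1);
            }
        });
    };
    /**
     * Rewrites a single string value. Every step is a single-pass regex
     * substitution, so constructs that reassemble after one removal (for
     * example a tag nested inside another tag) are not guaranteed to be
     * caught. Deliberately not iterated to a fixed point: repeated passes over
     * a large adversarial value would cost quadratic CPU time. Treat the
     * result as reduced-risk, not safe-to-render.
     * @param str value to rewrite
     * @returns the rewritten string
     */
    RequestSanitizerMiddleware.prototype.sanitizeString = function (str) {
        // Strip HTML tags. By construction the alternation leaves exactly the
        // single-letter tags <b>, <i>, </b> and </i> in place.
        str = str.replace(/<(|\/|[^>\/bi]|\/[^>bi]|[^\/>][^>]+|\/[^>][^>]+)>/g, '');
        // Strip "javascript:" URL schemes and inline event-handler attributes.
        // Browsers treat both case-insensitively, so the match must be too.
        // \b keeps ordinary words such as "condition=" from being mangled, and
        // \s* covers the "onclick =" spelling.
        str = str.replace(/javascript:/gi, '');
        str = str.replace(/\bon\w+\s*=/gi, '');
        // Strip HTML comments.
        // NOTE(review): the pattern for this step was unreadable in the source
        // as received (an empty "//g" regex, which also turned the rest of the
        // file into a line comment). This pattern is reconstructed from the
        // step's stated intent - confirm against the TypeScript source.
        str = str.replace(/<!--[\s\S]*?-->/g, '');
        // Double single quotes. This is the SQL string-literal escape: it only
        // helps code that concatenates values into SQL text, and it corrupts
        // values (O'Brien -> O''Brien) that go through parameterized queries or
        // an ORM, which bind values themselves. Kept for compatibility with
        // callers that rely on it; the actual control is parameterized queries.
        str = str.replace(/'/g, "''");
        return str;
    };
    RequestSanitizerMiddleware = __decorate([
        common_1.Injectable()
    ], RequestSanitizerMiddleware);
    return RequestSanitizerMiddleware;
}());
exports.RequestSanitizerMiddleware = RequestSanitizerMiddleware;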