Skip to content

Protect Against Parameter Pollution in Express

View on Twitter

💡 HTTP Parameter Pollution (HPP) is an attack in which multiple params are sent with the same name, causing your Node.js app to parse them differently.

👉🏼 Use hpp with Express to always resolve with the last value as a String.

https://www.npmjs.com/package/hpp

Without HPP Protection, parameter type changes from string to array on multiple values. The hpp package for Express protects always resolves to the last value and thus type will always be the same.

You might also like

Quick Server for Incoming Webhooks Read tip

Measure Execution Time With console.time Read tip

Secure Your VPS: Setup Firewall Read tip