XSS sanitizer

👉 Usage

Prisma-AppSync automatically perform XSS sanitization and encode all data coming through the GraphQL API.

Take a look at this example:

1/ Assuming the following GraphQL Input: mutation maliciousPost($title: String!) { createPost(data: { title: $title }) { title } } { "title": "<IMG SRC=\"javascript:alert('XSS');\">" }

2/ Prisma-AppSync will automatically remove the malicious code and encode Html, before storing anything in the database: Column name Value title &lt;img src&gt;

3/ Finally, the GraphQL API will also automatically clarify (decode) all data before sending the response: console.log(post.title) // output: "<img src>"

👉 Disable xss sanitization

If you prefer to disable data sanitization, set the sanitize option to false when instantiating the Client:

const prismaAppSync = new PrismaAppSync({ sanitize: false })