Is there a way to restrict allowed uri characters in Expressjs. like set a

Question

0

Asked: June 4, 20262026-06-04T15:41:56+00:00 2026-06-04T15:41:56+00:00

Is there a way to restrict allowed uri characters in Expressjs. like set a

0

Is there a way to restrict allowed uri characters in Expressjs. like set a variable of characters:

allowed_uri_chars = 'a-zA-Z0-9'; etc

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-04T15:41:57+00:00

The most logical and easiest way to go would be to use a regex in some middleware:

var url = require("url");

app.use(function(req, res, next) {
  var pathname = url.parse(req.url).pathname;
  if(!pathname.match(/^[a-z0-9\/]+$/i)) return res.send(403);
  next();
});

Or, as the URL is already parsed by Express, but this is not exposed publicly, you may want to save one call to parse and rely on Express internals (which I wouldn’t advise):

app.use(function(req, res, next) {
  if(!req._parsedUrl.pathname.match(/^[a-z0-9\/]+$/i)) return res.send(403);
  next();
});

This ensures that your pathname (for http://example.com/foo/bar?id=1334, pathname would be /foo/bar) only contains letters, numbers, and slashes. It raises a 403 if not.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is there a way to restrict allowed uri characters in Expressjs. like set a

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply