In nodeJS, we can get POST data by this:
<input type="text" name="doc[a]"/>
var doc = req.body.doc;
When I get 'doc', I insert into MongoDB using native-mongodb collection.insert(doc, ..)
I wonder if when doing POST request, I inject this kind of data
doc[a][b][c][d][e][f][g][h][i][j][.]... = xxxx
doc[b] = yyy
doc[e] = zzz
I only need doc[a] buy would end up having doc.a.b.c.d.f.g... like this in Node and MongoDB right? What is a good solution to prevent that to happen?
Information about MongoDB Injection can be found at the official docs. and Here are some security guidelines from PHP. The solution is pretty simple - type cast it to string.