Cunning way of sanitizing options

There are times in developer’s life when we have to deal with some huge function prototypes and there is absolutely now way to make it easier or more simple.

In those times there might come a need to use incoming options (or params) object thought multiple of shared private functions.

There is good practice to always sanitize incoming data. Validation is also nice, but sanitizing is enough for trusted environment. If the worst case is that something won’t work exactly as developer expected, but still will works for a user, there’s no need to throw Exception and break the whole thing.

If private functions share some options parameters (like endpoint url data) it’s good to sanitize it just once and use them as trusted ones afterwards.

I had this problem couple of months ago and after thinking a lot how to make it clever without causing additional CPU overhead, I figure out the following pattern:

var HugeClass = function () {
    this.publicMethod = function (options){
        options = _sanitizeOptions(options);
        var foo = _privateFunction1(options),
            foo2 = _privateFunction2(options);
    function _privateFunction1(options) {
       	options = _sanitizeOptions(options);
        // do smth
    function _privateFunction2(options) {
        options = _sanitizeOptions(options);
        // do smth
    function _sanitizeOptions(options){
        if (options instanceof SanitizedOptions) {
         	return options;   
     	var requiredBooleans = ['foo', 'bar'];
         	if (keyName in options) {
             	options[keyName] = !!options[keyName];   
            } else {
             	options[keyName] = false;   
        var sanitized = $.extend(new SanitizedOptions(), options);
        return sanitized;
    var SanitizedOptions = function(){};

Every time options are being used, function asks the “sanitizeOptions” for basic sanitization.

The sanitizeOptions method checks if the options are already sanitized and if it’s true just return them as trusted ones. Of not, do the sanitization and flag them as SanitizedOptions instance.

Of course it might be enough to just add another property like options.sanitized = true; but this is not as secure as marking the object as another instance.

First of all, property can be set or change from anywhere (outside, inside, naming conflict, etc.).

Second of all, SanitizedOptions function is unique per the class. It’s impossible to make your own SanitizedOptions from the outside. It’s because “a instanceof B” checks if a was created by function B which has reference somewhere in the memory. It’s not checking the name of the function, it’s checking the memory reference.

Leave a Reply

Your email address will not be published. Required fields are marked *