Feature request: remove unknown fields

Until now, you have allowUnknown*, which make sure that keys not intended in the data are passed through or not.

This is a feature request:

Modify the options, such that keys not intended to be in the data are dropped. The idea came from Paperwork:

Paperwork now silently removes unknown fields from the validated blob. This is done so you never pass unvalidated data to your code. For instance, if an attacker was to pass an extra id, you might end up using it to update the wrong object in your database.

I also pushed this idea for isvalid. There we use the following schema:

  • unknownBody with the possible values of ‘allow’, ‘deny’, ‘remove’

Instead of allowUnknown*: false and allowUnknown*: true

The reason is the following: middleware frameworks such as Angular are sending a lot more framework specific data within the JSON, which I want to be removed.

Issue Analytics

  • State: closed
  • Created 8 years ago
  • Reactions: 2
  • Comments: 5

Top GitHub Comments

francescovigolungo commented, Nov 15, 2019 (1 reaction)

I found a workaround, with customSanitizer

sanitize('*').customSanitizer((value, { req, location, path }) => {
  if (path === 'field_to_delete') {
    delete req.body[path];
    return;
  }
  return value;
})

dubiousandrew commented, May 20, 2020 (0 reactions)

Going off the previous post, you can create your own reusable function like this:

export const removeFieldsSanitizer = (remove: Array<string>) =>
  sanitize("*").customSanitizer((value, { req, location, path }) => {
    if (remove.find((v) => v === path)) {
      delete req.body[path];
      return;
    }
    return value;
  });

and use it like this:

router.post('/edit-user', 
[removeFieldsSanitizer(['password', 'username'])], (req, res)=>{...});
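
The workarounds above remove fields that are named in advance; the request in the issue is the opposite direction, keeping only the fields a route expects. The following is an added example, not code from this thread or from express-validator: `applyUnknownPolicy` and `unknownBody` are hypothetical names, and the Express-style `(req, res, next)` middleware shape is an assumption.

```javascript
// Added example: hypothetical helper, not part of express-validator.
// Applies an 'allow' | 'deny' | 'remove' policy to keys outside an allowlist.
function applyUnknownPolicy(body, knownFields, policy) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('body must be a plain object');
  }
  const known = new Set(knownFields);
  const unknown = Object.keys(body).filter((k) => !known.has(k));

  if (policy === 'allow') return { body, unknown };
  if (policy === 'deny') {
    if (unknown.length > 0) {
      const err = new Error('unknown fields: ' + unknown.join(', '));
      err.status = 400; // let an error handler answer with 400 Bad Request
      throw err;
    }
    return { body, unknown };
  }
  if (policy === 'remove') {
    // Build a fresh object from the allowlist instead of deleting from the
    // input, so nothing unvalidated survives by accident.
    const clean = Object.create(null);
    for (const k of knownFields) {
      if (Object.prototype.hasOwnProperty.call(body, k)) clean[k] = body[k];
    }
    return { body: clean, unknown };
  }
  throw new Error('unknown policy: ' + policy);
}

// Express-style middleware wrapper (req/res/next shape assumed).
function unknownBody(knownFields, policy) {
  return (req, res, next) => {
    try {
      req.body = applyUnknownPolicy(req.body || {}, knownFields, policy).body;
      next();
    } catch (err) {
      next(err);
    }
  };
}

// Constructed sample: an update carrying an extra "id" and a
// framework-added key, the two cases the issue describes.
const sample = JSON.parse(
  '{"name":"Ann","email":"a@example.test","id":42,"$$hashKey":"x1"}'
);
const result = applyUnknownPolicy(sample, ['name', 'email'], 'remove');
console.log(result.body, result.unknown);
```
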