Feature request: remove unknown fields
Until now, you have allowUnknown*, which makes sure that keys not intended in the data are passed through or not.
This is a feature request:
Modify the options, such that keys not intended to be in the data are dropped. The idea comes from Paperwork:
Paperwork now silently removes unknown fields from the validated blob. This is done so you never pass unvalidated data to your code. For instance, if an attacker was to pass an extra id, you might end up using it to update the wrong object in your database.
I also pushed this idea for isvalid. There we use the following schema: unknownBody with the possible values of ‘allow’, ‘deny’, ‘remove’, instead of allowUnknown*: false and allowUnknown*: true.
The reason is the following: middleware frameworks such as Angular are sending a lot more framework-specific data within the JSON, which I want to be removed.
Issue Analytics
- Created 8 years ago
- Reactions:2
- Comments:5
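The three behaviours requested in the issue, sketched as an added example that is not part of the original post or of any library's code. `filterUnknown`, `schemaKeys` and the request body are hypothetical names and constructed data; the mode names are the 'allow', 'deny' and 'remove' values proposed above.

```javascript
'use strict';

// Hypothetical helper (not an API of any validation library). The mode names
// are the 'allow' | 'deny' | 'remove' values proposed in the issue.
function filterUnknown(data, allowedKeys, mode = 'remove') {
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new TypeError('expected a plain object');
  }
  if (!['allow', 'deny', 'remove'].includes(mode)) {
    throw new RangeError(`unsupported mode: ${mode}`);
  }
  const allowed = new Set(allowedKeys);
  // Own enumerable keys only; an own "__proto__" key produced by JSON.parse
  // shows up here and is treated like any other unknown field.
  const unknown = Object.keys(data).filter((key) => !allowed.has(key));

  if (mode === 'allow') return { value: { ...data }, unknown };
  if (mode === 'deny' && unknown.length > 0) {
    throw Object.assign(new Error(`unknown fields: ${unknown.join(', ')}`), { unknown });
  }
  // 'remove' (and 'deny' with nothing unknown): copy from the allow-list
  // instead of deleting from the input, so nothing unlisted can survive.
  const value = {};
  for (const key of allowed) {
    if (Object.prototype.hasOwnProperty.call(data, key)) value[key] = data[key];
  }
  return { value, unknown };
}

// Constructed request body: two expected fields, an extra "id" of the kind
// the Paperwork quote warns about, and a client-framework bookkeeping key.
const body = JSON.parse(
  '{"name":"Ada","email":"ada@example.com","id":42,"$$hashKey":"object:3"}'
);
const schemaKeys = ['name', 'email'];

const removed = filterUnknown(body, schemaKeys, 'remove');
console.log(removed.value);   // only name and email reach the handler
console.log(removed.unknown); // dropped keys, useful for logging

try {
  filterUnknown(body, schemaKeys, 'deny');
} catch (err) {
  console.log(err.message);   // 'deny' rejects the request instead
}
```

Returning the dropped key names alongside the cleaned object lets the caller log unexpected fields without ever passing them to database code.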
Top GitHub Comments
I found a workaround, with customSanitizer
Going off the previous post, you can create your own reusable function like this:
and use it like this: