Sanitization before validators are run can cause validation to fail
In the legacy API of v4, validators are only run when you try to get the errors/validation result. This is in contrast with previous versions, where validators ran as soon as they were defined.
Because of this, if sanitizers are defined before validators run, some of them could change the input and make the validation fail. This is a regression introduced in v4.
Example from chriso/validator.js#727:

```js
req.checkBody('date_of_birth', 'Date of Birth has invalid date').optional({checkFalsy: true}).isISO8601();
req.sanitize('date_of_birth').toDate();
var errors = req.validationErrors();
// date_of_birth will have failed, because validators ran with a Date object, and not with a string
```
Issue Analytics
- State:
- Created 6 years ago
- Comments:12 (9 by maintainers)
Top GitHub Comments
Fixed in v5.1.2!
Okay, so I analyzed this a bit and came to a conclusion that this is an issue of `toDate` sanitizer combined with `isISO8601` validator, exclusively.

All values are already being coerced into strings for the standard validators, with some special rules followed:

- `null`/`undefined`/`NaN` become `''`;

This solves it for pretty much all other validators/sanitizers.

I think `Date` objects should have a special rule as well, one that calls its `.toISOString()` method, so that it works with the previous method.

P.S.: If you have a different data sample that is broken, please let me know by commenting on this issue!
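
The regression and the proposed `Date` rule, reproduced as an added example in plain JavaScript (this is not express-validator's code). `naiveToString`, `coerceToString`, `runLegacyFlow` and the simplified ISO 8601 regex are names and assumptions made for this demo, as is mapping an invalid `Date` to `''`.

```javascript
// Simplified ISO 8601 pattern for the demo (constructed; not validator.js's isISO8601).
const ISO8601 =
  /^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}(:\d{2}(\.\d+)?)?(Z|[+-]\d{2}:\d{2})?)?$/;

// Coercion without a Date rule: a Date becomes "Mon Jan 15 1990 ...", which is not ISO 8601.
function naiveToString(value) {
  return String(value);
}

// Coercion with the rules from the comment above: null/undefined/NaN -> '',
// Date -> toISOString(). Invalid Date -> '' is an assumption of this demo,
// because toISOString() throws a RangeError on an invalid Date.
function coerceToString(value) {
  if (value instanceof Date) {
    return Number.isNaN(value.getTime()) ? '' : value.toISOString();
  }
  if (value === null || value === undefined || Number.isNaN(value)) {
    return '';
  }
  return String(value);
}

// Hypothetical model of the v4 legacy flow: the validator is registered first,
// the sanitizer mutates the body immediately, and the validator only runs when
// the errors are requested. Returns the names of the fields that failed.
function runLegacyFlow(body, coerce) {
  const req = { body: { ...body } };

  // 1. checkBody(...).isISO8601(): stored, not executed yet.
  const pending = [{ field: 'date_of_birth', check: (s) => ISO8601.test(s) }];

  // 2. sanitize(...).toDate(): runs now and replaces the string with a Date.
  req.body.date_of_birth = new Date(req.body.date_of_birth);

  // 3. validationErrors(): validators finally run, against the sanitized value.
  return pending
    .filter(({ field, check }) => !check(coerce(req.body[field])))
    .map(({ field }) => field);
}

const sample = { date_of_birth: '1990-01-15' }; // constructed input
console.log('without Date rule:', runLegacyFlow(sample, naiveToString));
console.log('with Date rule:   ', runLegacyFlow(sample, coerceToString));
```

With the `Date` rule the validator checks the sanitizer's output rather than the original string, so any input the `Date` constructor accepts will pass `isISO8601`; running validators before sanitizers keeps the check on what the client actually sent.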