priyatham
/
Locaft
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Locaft/auth/node_modules/express-validator/docs/feature-sanitization.md

1.3 KiB
Raw Blame History

id title
sanitization Sanitization

Sometimes, receiving input in a HTTP request isn't only about making sure that the data is in the right format, but also that it is free of noise.

validator.js provides a handful of sanitizers that can be used to take care of the data that comes in.

const express = require('express');
const { body } = require('express-validator');

const app = express();
app.use(express.json());

app.post('/comment', [
  body('email')
    .isEmail()
    .normalizeEmail(),
  body('text')
    .not().isEmpty()
    .trim()
    .escape(),
  body('notifyOnReply').toBoolean()
], (req, res) => {
  // Handle the request somehow
});

In the example above, we are validating email and text fields, so we may take advantage of the same chain to apply some sanitization, like e-mail normalization (normalizeEmail) and trimming (trim)/HTML escaping (escape).
The notifyOnReply field isn't validated, but it can still make use of the same check function to convert it to a JavaScript boolean.

Important: please note that sanitization mutates the request. This means that if req.body.text was sent with the value Hello world :>), after the sanitization its value will be Hello world :>).