Accueil Explorer Aide
Connexion
etouimi
/
SPAMAP-Web-App
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: master
Branches Tags
SPAMAP-Web-App
/
node_modules
/
express-validator
/
docs
/
feature-sanitization.md

feature-sanitization.md 1.3 KB
Lien permanent Historique Raw

id: sanitization

title: Sanitization

Sometimes, receiving input in a HTTP request isn't only about making sure that the data is in the right format, but also that it is free of noise.

validator.js provides a handful of sanitizers that can be used to take care of the data that comes in.

const express = require('express');
const { body } = require('express-validator/check');
const { sanitizeBody } = require('express-validator/filter');

const app = express();
app.use(express.json());

app.post('/comment', [
  body('email')
    .isEmail()
    .normalizeEmail(),
  body('text')
    .not().isEmpty()
    .trim()
    .escape(),
  sanitizeBody('notifyOnReply').toBoolean()
], (req, res) => {
  // Handle the request somehow
});

In the example above, we are validating email and text fields, so we may take advantage of the same chain to apply some sanitization, like e-mail normalization and trimming/HTML escaping.
And because the notifyOnReply field isn't validated, we may use sanitizeBody function from the filter API to convert it to a JavaScript boolean.

Important: please note that sanitization mutates the request. This means that if req.body.text was sent with the value Hello world :>), after the sanitization its value will be Hello world :>).