query sanitation is not happening or not mutating req.query object #1080
Comments
Does it work with edit: I think it does (ref: expressjs/express#2752). We should mention it in the docs as a FAQ.
Hi @fedeci Thank you for taking a look into this. Just tested with express v ^4.17.1 and sanitation works as expected on that version. So whatever that is, it is introduced in express v ^5.0.0-alpha.8. Also just updated the initial description with a better test example. KR,
We can do nothing until express 5 is still a
@fedeci yes, I tend to agree. Thank you for paying attention.
FYI as a workaround for this, we've been calling the associated methods from
Y, that does not mutate the original req object and works👍
Express 5 has been coming for so many years. I don't have too many ideas about how I'd fix this, but one possibility that might appease to some is using
query sanitation is not happening or not mutating req.query object
try sending this:
http://localhost:3030/?saitizedParam=%20%20%20Hello%20world%20:%3E)%20%20%20&testLenParam=qwerty&textParam=123test
The console will output the same unsanitized value, i.e. Hello world :>) with > and spaces kept.
Validator.js version: 6.12.1
Express.js version: 5.0.0-alpha.8
Node.js version: v14.15.5
OS platform: windows
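The failure mode reported above, as an added example that is not code from express, express-validator, or this issue. It assumes the affected router exposes `query` through a getter that re-parses the URL on every read; `trimAndEscape`, `makeStoredRequest`, `makeGetterRequest`, `sanitizeInPlace` and `sanitizeChecked` are hypothetical names, and the URL is a shortened copy of the one in the report.

```javascript
// Added illustration: not code from express, express-validator, or the issue.
// Assumption: the affected router exposes `query` through a getter that
// re-parses the URL on every read, so writes land on a throwaway object.

// Constructed sample, shortened from the URL in the report.
const SAMPLE_URL =
  'http://localhost:3030/?saitizedParam=%20%20%20Hello%20world%20:%3E)%20%20%20&testLenParam=qwerty';

const parseQuery = (url) => Object.fromEntries(new URL(url).searchParams);

// Hypothetical sanitizer: trim, then HTML-escape.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
const trimAndEscape = (value) => value.trim().replace(/[&<>"']/g, (c) => ESCAPES[c]);

// Request whose query is parsed once and stored as a plain property.
const makeStoredRequest = (url) => ({ url, query: parseQuery(url) });

// Request whose query is re-parsed on every access (the assumed behaviour).
const makeGetterRequest = (url) => ({ url, get query() { return parseQuery(this.url); } });

// Sanitizer that relies on mutating req.query in place.
function sanitizeInPlace(req, field) {
  req.query[field] = trimAndEscape(req.query[field]);
}

// What a later handler reads from req.query after in-place sanitation.
function handlerSees(makeRequest) {
  const req = makeRequest(SAMPLE_URL);
  sanitizeInPlace(req, 'saitizedParam');
  return req.query.saitizedParam;
}

// Fail-closed variant: confirm the write persisted, otherwise refuse to
// continue instead of silently handing raw input to the next handler.
function sanitizeChecked(req, field) {
  const clean = trimAndEscape(req.query[field]);
  req.query[field] = clean;
  if (req.query[field] !== clean) {
    throw new Error(`sanitized "${field}" did not persist on req.query`);
  }
  return clean;
}
```

With the stored property the handler reads the escaped, trimmed value; with the getter it reads the raw input again, and `sanitizeChecked` turns that silent no-op into an error.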