You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Schema validation chain doesn't break on matches validation failure.
To Reproduce
const version = {
in: ['body', 'query'],
errorMessage: 'Field "version" is invalid.',
trim: true,
matches: {
options: [versionRe],
},
customSanitizer: {
options: (value) => {
// ...change value to sanitizedValue
return sanitizedValue;
},
},
};
Expected behavior
If my validation fails on matches , customSanitizer still fires and changes value.
Current behavior
Validation must break, so I later can get original value from query or body and send it back to client. But it turns out that field doesn't match my regular expression, customSanitizer is still ok with it though and I send back to client good sanitized value which is not correct obviously. And I'm forced to do extra check inside sanitizer to avoid this behaviour:
customSanitizer: {
options: (value) => {
if (!versionRe.test(value)) return value; // avoid returning sanitized value
// ...change value to sanitizedValue
return sanitizedValue;
},
},
Environment:
Express-validator version: 6.12.0
Express version: 4.17.1
The text was updated successfully, but these errors were encountered:
gustavohenke
changed the title
Schema validation chain doesn't break on matches validation failure.
Schema validation chain doesn't break on validation failure.
Dec 20, 2021
Describe the bug
Schema validation chain doesn't break on
matches
validation failure.To Reproduce
Expected behavior
If my validation fails on
matches
,customSanitizer
still fires and changes value.Current behavior
Validation must break, so I later can get original value from query or body and send it back to client. But it turns out that field doesn't match my regular expression,
customSanitizer
is still ok with it though and I send back to client good sanitized value which is not correct obviously. And I'm forced to do extra check inside sanitizer to avoid this behaviour:Environment:
The text was updated successfully, but these errors were encountered: