Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v4] Enum sanitise allows the result to be empty string #436

Open
MasonD opened this issue Jan 20, 2022 · 0 comments
Open

[v4] Enum sanitise allows the result to be empty string #436

MasonD opened this issue Jan 20, 2022 · 0 comments
Labels
impact/medium type/bug

Comments

@MasonD
Copy link
Contributor

MasonD commented Jan 20, 2022

An empty string is not a valid graphql enum, but if a developer uses a weird enum value for a dataobject (say, '' or '-'), then sanitise will be fine with chomping that entirely down to the empty string '' and returning that. This doesn't cause any server-side errors and the graphql server will happily compile and serve responses, even responding to introspection queries.

But an empty enum value isn't valid graphql and this can cause interop problems with clients and developer tooling such as graphql-codegen.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
impact/medium type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MasonD @emteknetnz