Improved isDecimal and isInt validations, don't leak xss #39

Merged
merged 5 commits into from Oct 29, 2011


ctavan (Contributor) commented Oct 27, 2011

I added these two patches by @MaVo159 since I think isDecimal should

  • Disallow empty strings
  • Allow leading zeros like 01.123
  • Allow scientific notation like 2.2250738585072011e-308

and isInt should

  • Allow leading zeros like 01
  • Allow just zeros like 000

We also discovered an error in the test-suite: Basically all checks for failing values are useless, since they are entirely wrapped in a try catch block which means that also the exceptions raised by assert.ok(false) are always caught which results in none of these exceptions ever showing up.

We have fixed that for the isDecimal and isInt tests, see ctavan@b11c522#L1R229

Do you think you might fix the remaining tests at some point?

Cheers,
Christoph

ctavan added some commits Oct 27, 2011
@ctavan ctavan Improve isDecimal validation
- Disallow empty strings
- Allow leading zeros like 01.123
- Allow scientific notation like 2.2250738585072011e-308
b11c522
@ctavan ctavan Improve isInt validation
- Allow leading zeros like 01
- Allow just zeros like 000

Original patch by MaVo159
1ec97aa
@ctavan ctavan Fix unescaped - 79952c2
@ctavan ctavan Convert filter to unix file format 8784c2f
@ctavan ctavan Don't leak xss into global scope 5b29f6d
ctavan (Contributor) commented Oct 28, 2011

I've added another fix which prevents the variable xss from being leaked into the global scope.
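As an added example, not code from this pull request or from node-validator: the class of bug the "Don't leak xss into global scope" commit addresses is an assignment inside a function with no `var` declaration, which in sloppy-mode JavaScript creates a property on the global object that any other module can read or overwrite. The variable name `xssLeakDemo` and the helper `probeLeak` are placeholders chosen for this example; the probe reports what happened in either mode, since strict mode turns the leak into a ReferenceError instead.

```javascript
// Added example, not node-validator's own code.

function leakyAssign() {
  // No declaration: in sloppy mode this becomes globalThis.xssLeakDemo,
  // visible to every other module in the process. In strict mode the same
  // line throws a ReferenceError.
  xssLeakDemo = 'escaped output';
  return xssLeakDemo;
}

function scopedAssign() {
  var xssLeakDemo = 'escaped output'; // declared, so it stays function-local
  return xssLeakDemo;
}

// Runs fn and reports whether the constructed name ended up on the global
// object (sloppy mode) or whether the assignment threw (strict mode), then
// removes any leaked property so the probe can be repeated.
function probeLeak(fn) {
  var threw = false;
  try {
    fn();
  } catch (e) {
    threw = e instanceof ReferenceError;
  }
  var leaked = Object.prototype.hasOwnProperty.call(globalThis, 'xssLeakDemo');
  delete globalThis.xssLeakDemo;
  return { leaked: leaked, threw: threw };
}
```

`probeLeak(leakyAssign)` yields either `{ leaked: true, threw: false }` (sloppy mode) or `{ leaked: false, threw: true }` (strict mode), while `probeLeak(scopedAssign)` yields `{ leaked: false, threw: false }` in both; adding the declaration, or `'use strict'`, is the fix.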

chriso (Owner) commented Oct 29, 2011

Thanks for this. I'll leave #40 open and get around to fixing the other tests when I have some time.

@chriso chriso merged commit d5d1262 into chriso:master Oct 29, 2011
@boutell boutell added a commit to boutell/node-validator that referenced this pull request May 15, 2012
@boutell boutell Fixed chriso#77 semicolon in wrong place when ensuring semicolon in a…
…n entity like '
e819669