Warn on use of sanitization-only middlewares

Closes #781
express-validator · Jan 25, 2020 · e53ee78 · e53ee78
1 parent a1bb255
commit e53ee78
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/docs/api-filter.md b/docs/api-filter.md
@@ -5,6 +5,10 @@ title: Sanitization middlewares
 
 These methods are all available via `require('express-validator')`.
 
+> These sanitization-only middlewares have been deprecated, as the [validation ones](api-check.md)
+offer the same functionality, and much more.
+> They will be removed eventually.
+
 ## `sanitize(fields)`
 - `field`: a string or an array of strings of field names to validate against.
 > *Returns:* a [Sanitization Chain](api-sanitization-chain.md)

diff --git a/src/middlewares/sanitize.ts b/src/middlewares/sanitize.ts
@@ -3,10 +3,21 @@ import { InternalRequest, Location } from '../base';
 import { bindAll } from '../utils';
 import { ContextBuilder } from '../context-builder';
 
+let hasNotified = false;
+
 export function sanitize(
   fields: string | string[] = '',
   locations: Location[] = [],
 ): SanitizationChain {
+  if (!hasNotified) {
+    hasNotified = true;
+    console.warn(
+      'express-validator: sanitize(), sanitizeBody() and other sanitization-only middlewares ' +
+        'have been deprecated.\nPlease use check(), body() and others instead, which must offer ' +
+        'the same API, and more.',
+    );
+  }
+
   const builder = new ContextBuilder()
     .setFields(Array.isArray(fields) ? fields : [fields])
     .setLocations(locations);