Is there a way to escape all values in a nested object when the keys are unknown?

[mmacdo54]

Say I have a req.body like so

{ user_info: { custom: { '63': 'aaaaaaaa' }, email: 'test@test.com', name: 'A Name', } }

I want run body().escape() on it all but when I do I get custom as '[object Object]'.

The thing to note here is I will not know what keys are inside custom and also I will not know what keys are inside user_info. The fields that come through are completely unknown. So I have tried [body('user_info.custom.*').escape(), body('user_info.*).escape()] but this still return custom as [object Object]. I really just want to escape every key that comes through. But is this possible when I dont know the key names and it is nested like this?

[nukuutos]

There is a problem with unknown level of nested.

You can go through every key of user_info(one level of nested) like this

  body("user_info.*").customSanitizer((value) => {
    // if you really know that your values are objects{} and strings
    const isObject = typeof value === "object";

    if (isObject) return value;
    return myEscapeFunction(value);
  }),

But there's also a problem that you need to have your own escape function.

[gustavohenke]

Hey,
This is now possible in v7.0.0 with globstar support.

• To find all fields: **
• To find all fields called name anywhere: **.name
• To find all fields under some other field: foo.**
• ...go crazy. You can even mix with regular wildcards. E.g. foo.*.bar.**.baz

Docs here