Doesn't Seem To Differentiate Post vs Get vs URL #3
Comments
I agree, if If you do not expect any get-parameters you could use `req.query = null;` as a workaround to unset all query-parameters before doing the asserts. So currently Any thoughts?
Yeah sorry my bad, misunderstood what I was looking at. (I guess I was trying to be optimistic.) To me `req.param()` seems like a rather large security hole in its current form for unsuspecting programmers. Ask for variables via post have them given to `req.param` via get. But that is just me.
Yeah, I admit You can still use plain node-validator to validate just the bits that you want so you don't get confused by strange express.js magic ;) Maybe you might consider filing an issue for express.js that addresses your concerns?
Another idea would be to add something like

```js
req.query.assert('email')
req.body.assert('email')
```

etc. But I'm not sure how useful that would be if the application later still can use
Yeah I may go to just regular node-validator and sadly drop this, but I do understand sticking with the way expressjs handles things. Posted here expressjs/express#622
Cool, thanks for the upstream issue. Closing this one.
Hmm, after I've read the issue I reopen the issue here. I'll think about some way to handle that stuff nicer in express-validator.
The only thing I can think of is having it where you either pass the
#32 provides a special method
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
If I pass post and get parameters to an app.post and try and assert values it uses the get parameters.
```sh
curl -d 'password=1234567' http://localhost:3000/backend/check/?password=fjf
```
Password can't be shorter than 6 characters and it throws an exception.
Maybe use a similar syntax to `req.param('password', req.body)` with `req.assert('password')`?
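The behaviour reported in this issue, as an added example that is not part of the thread and is not express-validator or Express code: a merged parameter lookup lets the query string shadow the POST body, while a source-explicit lookup validates the value the handler actually expects. The helper names (`mergedParam`, `paramFrom`, `minLength`, `shadowedKeys`) are hypothetical, the request object is constructed, and the query-first lookup order is an assumption chosen to match the report.

```javascript
// Constructed request modelled on the curl call in the issue:
//   POST /backend/check/?password=fjf   with form body password=1234567
const sampleReq = {
  params: {},
  query: { password: 'fjf' },
  body: { password: '1234567' },
};

const has = (bag, key) => !!bag && Object.prototype.hasOwnProperty.call(bag, key);

// Hypothetical merged lookup: the first source holding the key wins.
// Query-first order is an assumption chosen to match the reported behaviour.
function mergedParam(req, name, order = ['query', 'body', 'params']) {
  for (const source of order) {
    if (has(req[source], name)) return { source, value: req[source][name] };
  }
  return { source: null, value: undefined };
}

// Hypothetical source-explicit lookup: the handler names where the value must come from.
function paramFrom(req, source, name) {
  return has(req[source], name) ? req[source][name] : undefined;
}

// Length rule from the issue; non-strings (arrays/objects from a parser) fail closed.
function minLength(value, min) {
  return typeof value === 'string' && value.length >= min;
}

// Keys supplied by more than one source: worth rejecting or logging.
function shadowedKeys(req, sources = ['params', 'body', 'query']) {
  const count = Object.create(null); // no prototype, so any key name is safe
  for (const source of sources) {
    for (const key of Object.keys(req[source] || {})) count[key] = (count[key] || 0) + 1;
  }
  return Object.keys(count).filter((key) => count[key] > 1);
}

const merged = mergedParam(sampleReq, 'password');
console.log('merged lookup :', merged.source, minLength(merged.value, 6));
console.log('body only     :', minLength(paramFrom(sampleReq, 'body', 'password'), 6));
console.log('shadowed keys :', shadowedKeys(sampleReq));
```

The lookups also tolerate `req.query = null`, the workaround suggested in the comments, in which case the merged lookup falls through to the body.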