Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

matchedData doesn't filter out unvalidated props of array items (if array passes validation) #578

Closed
ulybu opened this issue May 10, 2018 · 4 comments
Closed

matchedData doesn't filter out unvalidated props of array items (if array passes validation) #578

ulybu opened this issue May 10, 2018 · 4 comments
Labels
i: bug
Milestone
v7.0.0

Comments

@ulybu
Copy link

ulybu commented May 10, 2018
edited

Hi,

Sorry for the bad title, didn't know how to phrase it.

I'm making extensive use of matchedData to filter out extra data sent to my endpoint (:heart:), I'm facing issue to apply that to array items while validating the array itself.

Payload

{
  teacher: {},
  students: [
    {_id: "5ac8da18a3ebb3353b108d64", name: "john", unwantedProp: "xx"}
  ],
}

Validation chain 1

body('students.*._id').isMongoId(),
body('students.*.name').exists().isLength({min: 3}),

const {students} = matchedData(req, locations: ['body']);
// here I'm assured that `unwantedProp` has been cleaned out from every items of `students`.
console.log(students[0].unwantedProp);
// undefined

Now let's say I also want to validate the students array itself, like making it mandatory and checking that it's an array. Currently, removing the students array will pass validation :

{
  teacher: {},
}
// pass validation

Issue is, if I add a check for students and it passes, matchedData won't filter out the items properties:

Validation chain 2

body('students').exists().custom(_.isArray),
body('students.*._id').isMongoId(),
body('students.*.name').exists().isLength({min: 3}),

const {students} = matchedData(req, locations: ['body']);
// Now `unwantedProp` has *not* has been cleaned out from every items of `students`.
console.log(students[0].unwantedProp);
// "xx"

Thoughts on how to handle that ?

I could not come up with a clear/good syntax to propose

Thanks!
@gustavohenke
Copy link
Member

Hi @ulybu, thanks for reporting this. It's a difficult problem to tackle.
matchedData() will always include valid data, so if students is an array, then it's valid and will be included.

I'm thinking of something like check(field).hasShape(), and go from there. It could also handle #266/#558.

@prettymuchbryce prettymuchbryce mentioned this issue Jul 4, 2018
Closed
@GitStorageOne
Copy link
Contributor

Any news?

@kasraJ
Copy link

kasraJ commented Oct 13, 2020

Any workaround for this bug?

@gustavohenke gustavohenke mentioned this issue Dec 11, 2020
Closed
@gustavohenke gustavohenke added this to the v7.0.0 milestone Apr 15, 2023
@gustavohenke
Copy link
Member

Hi hi, https://github.com/express-validator/express-validator/releases/tag/v7.0.0 is out with a fix 🙂

@rpt-uk-github rpt-uk-github mentioned this issue Dec 12, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
i: bug
Projects
None yet
Milestone
v7.0.0
Development

No branches or pull requests
4 participants
@gustavohenke @ulybu @GitStorageOne @kasraJ