We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
set()
Do you want to request a feature or report a bug? Bug
What is the current behavior? save, create, set work differently with strict: false.
strict: false
If the current behavior is a bug, please provide the steps to reproduce.
Test script
const mongoose = require('mongoose'); const { model, Schema } = mongoose; var TestSchema = new Schema({ text: { type: String, default: 'text' } }, { strict: false }); TestSchema.methods.someFn = function() { console.log('hi'); } var Test = model('Test', TestSchema); async function main() { await mongoose.connect('mongodb://localhost:27017/test', { useUnifiedTopology: true, useNewUrlParser: true }); await mongoose.connection.dropDatabase(); var unTrusted = { someFn: () => console.log('pwnd') } var x = await Test.create(unTrusted); await x.save(); x.someFn(); var x = new Test(unTrusted); await x.save(); x.someFn(); var x = await Test.create({}); await x.set(unTrusted); x.someFn(); } main() .then(() => process.exit()) .catch((e) => { console.error(e); process.exit(); })
Output strict: false
pwnd pwnd hi
Output strict: true
hi hi hi
What is the expected behavior? Create and save should sanitize input object the same way set() does, and the same as in strict mode.
What are the versions of Node.js, Mongoose and MongoDB you are using? Note that "latest" is not a version. v14.18.1
> require('mongoose').version '6.0.13'
The text was updated successfully, but these errors were encountered:
c419cd0
Thanks @vkarpov15.
Sorry, something went wrong.
No branches or pull requests
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
save, create, set work differently with
strict: false
.If the current behavior is a bug, please provide the steps to reproduce.
Test script
Output strict: false
Output strict: true
What is the expected behavior?
Create and save should sanitize input object the same way
set()
does, and the same as in strict mode.What are the versions of Node.js, Mongoose and MongoDB you are using? Note that "latest" is not a version.
v14.18.1
The text was updated successfully, but these errors were encountered: