-
-
Notifications
You must be signed in to change notification settings - Fork 616
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
An array in the querystring can (by)pass the validation if the first element is correct, but useless when expecting a single value. #755
Comments
Duplicate of #704 |
As a workaround we had to use not().isArray() for all fields or sanitization, eg:
|
Also related to #791 |
Hi hi, https://github.com/express-validator/express-validator/releases/tag/v7.0.0 is out with a fix for this 🙂 |
Hi, You can still by-pass the validation as long as ALL elements are correct: http://localhost:3000/test?type=new&type=new
Workaround: v.query('type').not().isArray().isIn(['new','renewal','upgrade']) Note: |
Hi guys,
Let's suppose we had a GET like that http://localhost:3000/test?type=new&type=foo
It seems that this isn't a desired behavior as this would force us to do a further sanitization in order to consume the single parameter instead of the array.
Is that correct?
Thank you
The text was updated successfully, but these errors were encountered: