-
-
Notifications
You must be signed in to change notification settings - Fork 615
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using escape sanitizer returns string for JSON input #1295
Labels
Comments
Hey, can you
|
Thanks for replying.
|
Is your concern that non-string inputs such as |
Totally yes. Because of this, usage of app.use(express.json()) or bodyParser becomes void. |
This is expected behaviour. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
const app = express();
.....
app.use(express.json());
After this during validation/sanitization if 'escape()' is used on req.body then req.body is coverted to string and return rather than returning json which was provided as input.
To Reproduce
....
app.use(express.json());
//inside request handler
check(.**).escape().trim() //.** (glob to select every filed till left of a large json payload).
Expected behavior
After escaping html tags, should return the received input json as json rather than string
Current behavior
Environment:
The text was updated successfully, but these errors were encountered: