You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ValidationPipe does not validate the type of primitive arguments (@Query / @Param), but when the transform argument is true then it converts primitives from string values. One side effect of this is that optional query params that are not specified, get converted from undefined to NaN. This will be fixed in this open PR. Another side effect is that values that are obviously non-numeric get converted to NaN.
This is technically correct, because even though NaN means "Not a Number", its type is number (because JS is a mess). But it's definitely surprising, and I would argue that it's a bug for the ValidationPipe to turn "abc" into NaN and thus "pass" validation, rather than treating the request as an error.
Navigate to (stackblitz URL)/123, page shows "ID 123 is number"
Navigate to (stackblitz URL)/abc, page shows "ID NaN is number"
Expected behavior
ValidationPipe should reject requests when a parameter is supposed to be a number but converts as NaN.
Package
I don't know. Or some 3rd-party package
@nestjs/common
@nestjs/core
@nestjs/microservices
@nestjs/platform-express
@nestjs/platform-fastify
@nestjs/platform-socket.io
@nestjs/platform-ws
@nestjs/testing
@nestjs/websockets
Other (see below)
Other package
No response
NestJS version
10.3.0
Packages versions
[Nest CLI]
Nest CLI Version : 10.3.0
[Nest Platform Information]
platform-express version : 10.3.8
schematics version : 10.1.0
passport version : 10.0.3
swagger version : 7.2.0
testing version : 10.3.0
common version : 10.3.0
config version : 3.1.1
core version : 10.3.0
cli version : 10.3.0
Node.js version
v20.9.0
In which operating systems have you tested?
macOS
Windows
Linux
Other
No response
The text was updated successfully, but these errors were encountered:
@kamilmysliwiec Are you sure that MR fixes this issue? The MR addresses undefined input values, but wouldn't the value when transforming the route param in /abc just be "abc", rather than undefined?
I think you may need to either check that the value is numeric (!isNan(value), isFinite(value) etc) or just go ahead and convert it, then if the result is NaN, just return undefined.
Is there an existing issue for this?
Current behavior
ValidationPipe does not validate the type of primitive arguments (
@Query
/@Param
), but when thetransform
argument is true then it converts primitives from string values. One side effect of this is that optional query params that are not specified, get converted fromundefined
toNaN
. This will be fixed in this open PR. Another side effect is that values that are obviously non-numeric get converted toNaN
.This is technically correct, because even though
NaN
means "Not a Number", its type isnumber
(because JS is a mess). But it's definitely surprising, and I would argue that it's a bug for the ValidationPipe to turn "abc" intoNaN
and thus "pass" validation, rather than treating the request as an error.Minimum reproduction code
https://stackblitz.com/edit/nestjs-typescript-starter-4qeqaj?file=src%2Fmain.ts
Steps to reproduce
(stackblitz URL)/123
, page shows "ID 123 is number"(stackblitz URL)/abc
, page shows "ID NaN is number"Expected behavior
ValidationPipe should reject requests when a parameter is supposed to be a number but converts as
NaN
.Package
@nestjs/common
@nestjs/core
@nestjs/microservices
@nestjs/platform-express
@nestjs/platform-fastify
@nestjs/platform-socket.io
@nestjs/platform-ws
@nestjs/testing
@nestjs/websockets
Other package
No response
NestJS version
10.3.0
Packages versions
[Nest CLI]
Nest CLI Version : 10.3.0
[Nest Platform Information]
platform-express version : 10.3.8
schematics version : 10.1.0
passport version : 10.0.3
swagger version : 7.2.0
testing version : 10.3.0
common version : 10.3.0
config version : 3.1.1
core version : 10.3.0
cli version : 10.3.0
Node.js version
v20.9.0
In which operating systems have you tested?
Other
No response
The text was updated successfully, but these errors were encountered: