1+ <!DOCTYPE html> < html lang ="en "> < head > < meta charSet ="utf-8 "/> < meta http-equiv ="X-UA-Compatible " content ="IE=edge "/> < title > Sanitization middlewares · express-validator</ title > < meta name ="viewport " content ="width=device-width "/> < meta name ="generator " content ="Docusaurus "/> < meta name ="description " content ="These methods are all available via `require('express-validator')`. "/> < meta name ="docsearch:version " content ="6.2.0 "/> < meta name ="docsearch:language " content ="en "/> < meta property ="og:title " content ="Sanitization middlewares · express-validator "/> < meta property ="og:type " content ="website "/> < meta property ="og:url " content ="https://express-validator.github.io/index.html "/> < meta property ="og:description " content ="These methods are all available via `require('express-validator')`. "/> < meta name ="twitter:card " content ="summary "/> < link rel ="shortcut icon " href ="/img/favicon.png "/> < link rel ="stylesheet " href ="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/default.min.css "/> < script type ="text/javascript " src ="https://buttons.github.io/buttons.js "> </ script > < script src ="/js/scrollSpy.js "> </ script > < link rel ="stylesheet " href ="/css/main.css "/> < script src ="/js/codetabs.js "> </ script > </ head > < body class ="sideNavVisible separateOnPageNav "> < div class ="fixedHeaderContainer "> < div class ="headerWrapper wrapper "> < header > < a href ="/ "> < img class ="logo " src ="/img/logo.svg " alt ="express-validator "/> < h2 class ="headerTitleWithLogo "> express-validator</ h2 > </ a > < a href ="/versions.html "> < h3 > 6.2.0</ h3 > </ a > < div class ="navigationWrapper navigationSlider "> < nav class ="slidingNav "> < ul class ="nav-site nav-site-internal "> < li class ="siteNavGroupActive "> < a href ="/docs/6.2.0/index.html " target ="_self "> Docs</ a > </ li > < li class ="siteNavGroupActive "> < a href ="/docs/6.2.0/check-api.html " target 
="_self "> API</ a > </ li > < li class =""> < a href ="https://github.com/express-validator/express-validator " target ="_self "> GitHub</ a > </ li > </ ul > </ nav > </ div > </ header > </ div > </ div > < div class ="navPusher "> < div class ="docMainWrapper wrapper "> < div class ="docsNavContainer " id ="docsNav "> < nav class ="toc "> < div class ="toggleNav "> < section class ="navWrapper wrapper "> < div class ="navBreadcrumb wrapper "> < div class ="navToggle " id ="navToggler "> < div class ="hamburger-menu "> < div class ="line1 "> </ div > < div class ="line2 "> </ div > < div class ="line3 "> </ div > </ div > </ div > < h2 > < i > ›</ i > < span > API</ span > </ h2 > < div class ="tocToggler " id ="tocToggler "> < i class ="icon-toc "> </ i > </ div > </ div > < div class ="navGroups "> < div class ="navGroup "> < h3 class ="navGroupCategoryTitle "> Introduction</ h3 > < ul class =""> < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/index.html "> Getting Started</ a > </ li > </ ul > </ div > < div class ="navGroup "> < h3 class ="navGroupCategoryTitle "> Features</ h3 > < ul class =""> < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/sanitization.html "> Sanitization</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/custom-validators-sanitizers.html "> Custom validators/sanitizers</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/custom-error-messages.html "> Custom Error Messages</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/wildcards.html "> Wildcards</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/schema-validation.html "> Schema Validation</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/whole-body-validation.html "> Whole Body Validation</ a > </ li > < li class ="navListItem "> < a class ="navItem " href 
="/docs/6.2.0/running-imperatively.html "> Running validations imperatively</ a > </ li > </ ul > </ div > < div class ="navGroup "> < h3 class ="navGroupCategoryTitle "> API</ h3 > < ul class =""> < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/check-api.html "> Validation middlewares</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/validation-chain-api.html "> Validation Chain API</ a > </ li > < li class ="navListItem navListItemActive "> < a class ="navItem " href ="/docs/6.2.0/filter-api.html "> Sanitization middlewares</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/sanitization-chain-api.html "> Sanitization Chain API</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/matched-data-api.html "> matchedData()</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.2.0/validation-result-api.html "> validationResult()</ a > </ li > </ ul > </ div > </ div > </ section > </ div > < script >
2+ var coll = document . getElementsByClassName ( 'collapsible' ) ;
3+ var checkActiveCategory = true ;
4+ for ( var i = 0 ; i < coll . length ; i ++ ) {
5+ var links = coll [ i ] . nextElementSibling . getElementsByTagName ( '*' ) ;
6+ if ( checkActiveCategory ) {
7+ for ( var j = 0 ; j < links . length ; j ++ ) {
8+ if ( links [ j ] . classList . contains ( 'navListItemActive' ) ) {
9+ coll [ i ] . nextElementSibling . classList . toggle ( 'hide' ) ;
10+ coll [ i ] . childNodes [ 1 ] . classList . toggle ( 'rotate' ) ;
11+ checkActiveCategory = false ;
12+ break ;
13+ }
14+ }
15+ }
16+
17+ coll [ i ] . addEventListener ( 'click' , function ( ) {
18+ var arrow = this . childNodes [ 1 ] ;
19+ arrow . classList . toggle ( 'rotate' ) ;
20+ var content = this . nextElementSibling ;
21+ content . classList . toggle ( 'hide' ) ;
22+ } ) ;
23+ }
24+
25+ document . addEventListener ( 'DOMContentLoaded' , function ( ) {
26+ createToggler ( '#navToggler' , '#docsNav' , 'docsSliderActive' ) ;
27+ createToggler ( '#tocToggler' , 'body' , 'tocActive' ) ;
28+
29+ var headings = document . querySelector ( '.toc-headings' ) ;
30+ headings && headings . addEventListener ( 'click' , function ( event ) {
31+ var el = event . target ;
32+ while ( el !== headings ) {
33+ if ( el . tagName === 'A' ) {
34+ document . body . classList . remove ( 'tocActive' ) ;
35+ break ;
36+ } else {
37+ el = el . parentNode ;
38+ }
39+ }
40+ } , false ) ;
41+
42+ function createToggler ( togglerSelector , targetSelector , className ) {
43+ var toggler = document . querySelector ( togglerSelector ) ;
44+ var target = document . querySelector ( targetSelector ) ;
45+
46+ if ( ! toggler ) {
47+ return ;
48+ }
49+
50+ toggler . onclick = function ( event ) {
51+ event . preventDefault ( ) ;
52+
53+ target . classList . toggle ( className ) ;
54+ } ;
55+ }
56+ } ) ;
57+ </ script > </ nav > </ div > < div class ="container mainContainer "> < div class ="wrapper "> < div class ="post "> < header class ="postHeader "> < a class ="edit-page-link button " href ="https://github.com/express-validator/express-validator/edit/master/docs/api-filter.md " target ="_blank " rel ="noreferrer noopener "> Edit</ a > < h1 class ="postHeaderTitle "> Sanitization middlewares</ h1 > </ header > < article > < div > < span > < p > These methods are all available via < code > require('express-validator')</ code > .</ p >
58+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizefields "> </ a > < a href ="#sanitizefields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitize(fields)</ code > </ h2 >
59+ < ul >
60+ < li > < code > field</ code > : a string or an array of strings of field names to validate against.</ li >
61+ </ ul >
62+ < blockquote >
63+ < p > < em > Returns:</ em > a < a href ="/docs/6.2.0/sanitization-chain-api.html "> Sanitization Chain</ a > </ p >
64+ </ blockquote >
65+ < p > Creates a sanitization chain for one or more fields. They may be located in any of the following request objects:</ p >
66+ < ul >
67+ < li > < code > req.body</ code > </ li >
68+ < li > < code > req.cookies</ code > </ li >
69+ < li > < code > req.params</ code > </ li >
70+ < li > < code > req.query</ code > </ li >
71+ </ ul >
72+ < p > < em > * < code > req.headers</ code > is < strong > not</ strong > supported at the moment.</ em > </ p >
73+ < p > If any of the fields are present in more than one location, then all instances of that field value will be sanitized.</ p >
74+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizebodyfields "> </ a > < a href ="#sanitizebodyfields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitizeBody(fields)</ code > </ h2 >
75+ < p > Same as < code > sanitize(fields)</ code > , but only sanitizing < code > req.body</ code > .</ p >
76+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizecookiefields "> </ a > < a href ="#sanitizecookiefields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitizeCookie(fields)</ code > </ h2 >
77+ < p > Same as < code > sanitize(fields)</ code > , but only sanitizing < code > req.cookies</ code > .</ p >
78+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizeparamfields "> </ a > < a href ="#sanitizeparamfields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitizeParam(fields)</ code > </ h2 >
79+ < p > Same as < code > sanitize(fields)</ code > , but only sanitizing < code > req.params</ code > .</ p >
80+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizequeryfields "> </ a > < a href ="#sanitizequeryfields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitizeQuery(fields)</ code > </ h2 >
81+ < p > Same as < code > sanitize(fields)</ code > , but only sanitizing < code > req.query</ code > .</ p >
82+ < h2 > < a class ="anchor " aria-hidden ="true " id ="buildsanitizefunctionlocations "> </ a > < a href ="#buildsanitizefunctionlocations " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > buildSanitizeFunction(locations)</ code > </ h2 >
83+ < ul >
84+ < li > < code > locations</ code > : an array of request locations to gather data from.< br >
85+ May include any of < code > body</ code > , < code > cookies</ code > , < code > params</ code > or < code > query</ code > .</ li >
86+ </ ul >
87+ < blockquote >
88+ < p > < em > Returns:</ em > a variant of < a href ="#sanitizefields "> < code > sanitize()</ code > </ a > sanitizing the given request locations.</ p >
89+ </ blockquote >
90+ < p > Creates a variant of < a href ="#sanitizefields "> < code > sanitize()</ code > </ a > that sanitizes the given request locations.</ p >
91+ < pre > < code class ="hljs css language-js "> < span class ="hljs-keyword "> const</ span > { buildSanitizeFunction } = < span class ="hljs-built_in "> require</ span > (< span class ="hljs-string "> 'express-validator'</ span > );
92+ < span class ="hljs-keyword "> const</ span > sanitizeBodyAndQuery = buildSanitizeFunction([< span class ="hljs-string "> 'body'</ span > , < span class ="hljs-string "> 'query'</ span > ]);
93+
94+ app.put(< span class ="hljs-string "> '/update-product'</ span > , [
95+ < span class ="hljs-comment "> // id being either in req.body or req.query will be converted to int</ span >
96+ sanitizeBodyAndQuery(< span class ="hljs-string "> 'id'</ span > ).toInt()
97+ ], productUpdateHandler)
98+ </ code > </ pre >
99+ </ span > </ div > </ article > </ div > < div class ="docs-prevnext "> < a class ="docs-prev button " href ="/docs/6.2.0/validation-chain-api.html "> < span class ="arrow-prev "> ← </ span > < span > Validation Chain API</ span > </ a > < a class ="docs-next button " href ="/docs/6.2.0/sanitization-chain-api.html "> < span > Sanitization Chain API</ span > < span class ="arrow-next "> →</ span > </ a > </ div > </ div > </ div > < nav class ="onPageNav "> < ul class ="toc-headings "> < li > < a href ="#sanitizefields "> < code > sanitize(fields)</ code > </ a > </ li > < li > < a href ="#sanitizebodyfields "> < code > sanitizeBody(fields)</ code > </ a > </ li > < li > < a href ="#sanitizecookiefields "> < code > sanitizeCookie(fields)</ code > </ a > </ li > < li > < a href ="#sanitizeparamfields "> < code > sanitizeParam(fields)</ code > </ a > </ li > < li > < a href ="#sanitizequeryfields "> < code > sanitizeQuery(fields)</ code > </ a > </ li > < li > < a href ="#buildsanitizefunctionlocations "> < code > buildSanitizeFunction(locations)</ code > </ a > </ li > </ ul > </ nav > </ div > < footer class ="nav-footer " id ="footer "> < section class ="sitemap "> < a href ="/ " class ="nav-home "> < img src ="/img/logo.svg " alt ="express-validator " width ="66 " height ="58 "/> </ a > < div > < h5 > Docs</ h5 > < a href ="/docs/index.html "> Getting Started</ a > < a href ="/docs/check-api.html "> API Reference</ a > </ div > < div > < h5 > Community</ h5 > < a href ="http://stackoverflow.com/questions/tagged/express-validator " target ="_blank " rel ="noreferrer noopener "> Stack Overflow</ a > </ div > < div > < h5 > More</ h5 > < a href ="https://github.com/express-validator/express-validator "> GitHub</ a > < a class ="github-button " href ="https://github.com/express-validator/express-validator " data-icon ="octicon-star " data-count-href ="/express-validator/express-validator/stargazers " data-show-count ="true " data-count-aria-label ="# stargazers on 
GitHub " aria-label ="Star this project on GitHub "> Star</ a > </ div > </ section > < section class ="copyright "> Copyright © 2019 express-validator</ section > </ footer > </ div > </ body > </ html >