1+ <!DOCTYPE html> < html lang ="en "> < head > < meta charSet ="utf-8 "/> < meta http-equiv ="X-UA-Compatible " content ="IE=edge "/> < title > Sanitization middlewares · express-validator</ title > < meta name ="viewport " content ="width=device-width "/> < meta name ="generator " content ="Docusaurus "/> < meta name ="description " content ="<p>These methods are all available via <code>require('express-validator')</code>.</p>
2+ "/> < meta name ="docsearch:version " content ="6.0.1 "/> < meta name ="docsearch:language " content ="en "/> < meta property ="og:title " content ="Sanitization middlewares · express-validator "/> < meta property ="og:type " content ="website "/> < meta property ="og:url " content ="https://express-validator.github.io/index.html "/> < meta property ="og:description " content ="<p>These methods are all available via <code>require('express-validator')</code>.</p>
3+ "/> < meta name ="twitter:card " content ="summary "/> < link rel ="shortcut icon " href ="/img/favicon.png "/> < link rel ="stylesheet " href ="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/default.min.css "/> < script type ="text/javascript " src ="https://buttons.github.io/buttons.js "> </ script > < script src ="/js/scrollSpy.js "> </ script > < link rel ="stylesheet " href ="/css/main.css "/> < script src ="/js/codetabs.js "> </ script > </ head > < body class ="sideNavVisible separateOnPageNav "> < div class ="fixedHeaderContainer "> < div class ="headerWrapper wrapper "> < header > < a href ="/ "> < img class ="logo " src ="/img/logo.svg " alt ="express-validator "/> < h2 class ="headerTitleWithLogo "> express-validator</ h2 > </ a > < a href ="/versions.html "> < h3 > 6.0.1</ h3 > </ a > < div class ="navigationWrapper navigationSlider "> < nav class ="slidingNav "> < ul class ="nav-site nav-site-internal "> < li class ="siteNavGroupActive "> < a href ="/docs/6.0.1/index.html " target ="_self "> Docs</ a > </ li > < li class ="siteNavGroupActive "> < a href ="/docs/6.0.1/check-api.html " target ="_self "> API</ a > </ li > < li class =""> < a href ="https://github.com/express-validator/express-validator " target ="_self "> GitHub</ a > </ li > </ ul > </ nav > </ div > </ header > </ div > </ div > < div class ="navPusher "> < div class ="docMainWrapper wrapper "> < div class ="container docsNavContainer " id ="docsNav "> < nav class ="toc "> < div class ="toggleNav "> < section class ="navWrapper wrapper "> < div class ="navBreadcrumb wrapper "> < div class ="navToggle " id ="navToggler "> < div class ="hamburger-menu "> < div class ="line1 "> </ div > < div class ="line2 "> </ div > < div class ="line3 "> </ div > </ div > </ div > < h2 > < i > ›</ i > < span > API</ span > </ h2 > < div class ="tocToggler " id ="tocToggler "> < i class ="icon-toc "> </ i > </ div > </ div > < div class ="navGroups "> < div class ="navGroup "> < h3 class 
="navGroupCategoryTitle "> Introduction</ h3 > < ul class =""> < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/index.html "> Getting Started</ a > </ li > </ ul > </ div > < div class ="navGroup "> < h3 class ="navGroupCategoryTitle "> Features</ h3 > < ul class =""> < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/sanitization.html "> Sanitization</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/custom-validators-sanitizers.html "> Custom validators/sanitizers</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/custom-error-messages.html "> Custom Error Messages</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/wildcards.html "> Wildcards</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/schema-validation.html "> Schema Validation</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/whole-body-validation.html "> Whole Body Validation</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/running-imperatively.html "> Running validations imperatively</ a > </ li > </ ul > </ div > < div class ="navGroup "> < h3 class ="navGroupCategoryTitle "> API</ h3 > < ul class =""> < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/check-api.html "> Validation middlewares</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/validation-chain-api.html "> Validation Chain API</ a > </ li > < li class ="navListItem navListItemActive "> < a class ="navItem " href ="/docs/6.0.1/filter-api.html "> Sanitization middlewares</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/sanitization-chain-api.html "> Sanitization Chain API</ a > </ li > < li class ="navListItem "> < a class ="navItem " href ="/docs/6.0.1/matched-data-api.html "> matchedData()</ a > </ li > < li class 
="navListItem "> < a class ="navItem " href ="/docs/6.0.1/validation-result-api.html "> validationResult()</ a > </ li > </ ul > </ div > </ div > </ section > </ div > < script >
4+ var coll = document . getElementsByClassName ( 'collapsible' ) ;
5+ var checkActiveCategory = true ;
6+ for ( var i = 0 ; i < coll . length ; i ++ ) {
7+ var links = coll [ i ] . nextElementSibling . getElementsByTagName ( '*' ) ;
8+ if ( checkActiveCategory ) {
9+ for ( var j = 0 ; j < links . length ; j ++ ) {
10+ if ( links [ j ] . classList . contains ( 'navListItemActive' ) ) {
11+ coll [ i ] . nextElementSibling . classList . toggle ( 'hide' ) ;
12+ coll [ i ] . childNodes [ 1 ] . classList . toggle ( 'rotate' ) ;
13+ checkActiveCategory = false ;
14+ break ;
15+ }
16+ }
17+ }
18+
19+ coll [ i ] . addEventListener ( 'click' , function ( ) {
20+ var arrow = this . childNodes [ 1 ] ;
21+ arrow . classList . toggle ( 'rotate' ) ;
22+ var content = this . nextElementSibling ;
23+ content . classList . toggle ( 'hide' ) ;
24+ } ) ;
25+ }
26+
27+ document . addEventListener ( 'DOMContentLoaded' , function ( ) {
28+ createToggler ( '#navToggler' , '#docsNav' , 'docsSliderActive' ) ;
29+ createToggler ( '#tocToggler' , 'body' , 'tocActive' ) ;
30+
31+ var headings = document . querySelector ( '.toc-headings' ) ;
32+ headings && headings . addEventListener ( 'click' , function ( event ) {
33+ var el = event . target ;
34+ while ( el !== headings ) {
35+ if ( el . tagName === 'A' ) {
36+ document . body . classList . remove ( 'tocActive' ) ;
37+ break ;
38+ } else {
39+ el = el . parentNode ;
40+ }
41+ }
42+ } , false ) ;
43+
44+ function createToggler ( togglerSelector , targetSelector , className ) {
45+ var toggler = document . querySelector ( togglerSelector ) ;
46+ var target = document . querySelector ( targetSelector ) ;
47+
48+ if ( ! toggler ) {
49+ return ;
50+ }
51+
52+ toggler . onclick = function ( event ) {
53+ event . preventDefault ( ) ;
54+
55+ target . classList . toggle ( className ) ;
56+ } ;
57+ }
58+ } ) ;
59+ </ script > </ nav > </ div > < div class ="container mainContainer "> < div class ="wrapper "> < div class ="post "> < header class ="postHeader "> < a class ="edit-page-link button " href ="https://github.com/express-validator/express-validator/edit/master/docs/api-filter.md " target ="_blank " rel ="noreferrer noopener "> Edit</ a > < h1 class ="postHeaderTitle "> Sanitization middlewares</ h1 > </ header > < article > < div > < span > < p > These methods are all available via < code > require('express-validator')</ code > .</ p >
60+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizefields "> </ a > < a href ="#sanitizefields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitize(fields)</ code > </ h2 >
61+ < ul >
62+ < li > < code > field</ code > : a string or an array of strings of field names to validate against.</ li >
63+ </ ul >
64+ < blockquote >
65+ < p > < em > Returns:</ em > a < a href ="/docs/6.0.1/sanitization-chain-api.html "> Sanitization Chain</ a > </ p >
66+ </ blockquote >
67+ < p > Creates a sanitization chain for one or more fields. They may be located in any of the following request objects:</ p >
68+ < ul >
69+ < li > < code > req.body</ code > </ li >
70+ < li > < code > req.cookies</ code > </ li >
71+ < li > < code > req.params</ code > </ li >
72+ < li > < code > req.query</ code > </ li >
73+ </ ul >
74+ < p > < em > * < code > req.headers</ code > is < strong > not</ strong > supported at the moment.</ em > </ p >
75+ < p > If any of the fields are present in more than one location, then all instances of that field value will be sanitized.</ p >
76+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizebodyfields "> </ a > < a href ="#sanitizebodyfields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitizeBody(fields)</ code > </ h2 >
77+ < p > Same as < code > sanitize(fields)</ code > , but only sanitizing < code > req.body</ code > .</ p >
78+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizecookiefields "> </ a > < a href ="#sanitizecookiefields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitizeCookie(fields)</ code > </ h2 >
79+ < p > Same as < code > sanitize(fields)</ code > , but only sanitizing < code > req.cookies</ code > .</ p >
80+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizeparamfields "> </ a > < a href ="#sanitizeparamfields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitizeParam(fields)</ code > </ h2 >
81+ < p > Same as < code > sanitize(fields)</ code > , but only sanitizing < code > req.params</ code > .</ p >
82+ < h2 > < a class ="anchor " aria-hidden ="true " id ="sanitizequeryfields "> </ a > < a href ="#sanitizequeryfields " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > sanitizeQuery(fields)</ code > </ h2 >
83+ < p > Same as < code > sanitize(fields)</ code > , but only sanitizing < code > req.query</ code > .</ p >
84+ < h2 > < a class ="anchor " aria-hidden ="true " id ="buildsanitizefunctionlocations "> </ a > < a href ="#buildsanitizefunctionlocations " aria-hidden ="true " class ="hash-link "> < svg class ="hash-link-icon " aria-hidden ="true " height ="16 " version ="1.1 " viewBox ="0 0 16 16 " width ="16 "> < path fill-rule ="evenodd " d ="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z "> </ path > </ svg > </ a > < code > buildSanitizeFunction(locations)</ code > </ h2 >
85+ < ul >
86+ < li > < code > locations</ code > : an array of request locations to gather data from.< br >
87+ May include any of < code > body</ code > , < code > cookies</ code > , < code > params</ code > or < code > query</ code > .</ li >
88+ </ ul >
89+ < blockquote >
90+ < p > < em > Returns:</ em > a variant of < a href ="#sanitizefields "> < code > sanitize()</ code > </ a > sanitizing the given request locations.</ p >
91+ </ blockquote >
92+ < p > Creates a variant of < a href ="#sanitizefields "> < code > sanitize()</ code > </ a > that sanitizes the given request locations.</ p >
93+ < pre > < code class ="hljs css language-js "> < span class ="hljs-keyword "> const</ span > { buildSanitizeFunction } = < span class ="hljs-built_in "> require</ span > (< span class ="hljs-string "> 'express-validator'</ span > );
94+ < span class ="hljs-keyword "> const</ span > sanitizeBodyAndQuery = buildSanitizeFunction([< span class ="hljs-string "> 'body'</ span > , < span class ="hljs-string "> 'query'</ span > ]);
95+
96+ app.put(< span class ="hljs-string "> '/update-product'</ span > , [
97+ < span class ="hljs-comment "> // id being either in req.body or req.query will be converted to int</ span >
98+ sanitizeBodyAndQuery(< span class ="hljs-string "> 'id'</ span > ).toInt()
99+ ], productUpdateHandler)
100+ </ code > </ pre >
101+ </ span > </ div > </ article > </ div > < div class ="docs-prevnext "> < a class ="docs-prev button " href ="/docs/6.0.1/validation-chain-api.html "> < span class ="arrow-prev "> ← </ span > < span > Validation Chain API</ span > </ a > < a class ="docs-next button " href ="/docs/6.0.1/sanitization-chain-api.html "> < span > Sanitization Chain API</ span > < span class ="arrow-next "> →</ span > </ a > </ div > </ div > </ div > < nav class ="onPageNav "> < ul class ="toc-headings "> < li > < a href ="#sanitizefields "> < code > sanitize(fields)</ code > </ a > </ li > < li > < a href ="#sanitizebodyfields "> < code > sanitizeBody(fields)</ code > </ a > </ li > < li > < a href ="#sanitizecookiefields "> < code > sanitizeCookie(fields)</ code > </ a > </ li > < li > < a href ="#sanitizeparamfields "> < code > sanitizeParam(fields)</ code > </ a > </ li > < li > < a href ="#sanitizequeryfields "> < code > sanitizeQuery(fields)</ code > </ a > </ li > < li > < a href ="#buildsanitizefunctionlocations "> < code > buildSanitizeFunction(locations)</ code > </ a > </ li > </ ul > </ nav > </ div > < footer class ="nav-footer " id ="footer "> < section class ="sitemap "> < a href ="/ " class ="nav-home "> < img src ="/img/logo.svg " alt ="express-validator " width ="66 " height ="58 "/> </ a > < div > < h5 > Docs</ h5 > < a href ="/docs/index.html "> Getting Started</ a > < a href ="/docs/check-api.html "> API Reference</ a > </ div > < div > < h5 > Community</ h5 > < a href ="http://stackoverflow.com/questions/tagged/express-validator " target ="_blank " rel ="noreferrer noopener "> Stack Overflow</ a > </ div > < div > < h5 > More</ h5 > < a href ="https://github.com/express-validator/express-validator "> GitHub</ a > < a class ="github-button " href ="https://github.com/express-validator/express-validator " data-icon ="octicon-star " data-count-href ="/express-validator/express-validator/stargazers " data-show-count ="true " data-count-aria-label ="# stargazers 
on GitHub " aria-label ="Star this project on GitHub "> Star</ a > </ div > </ section > < section class ="copyright "> Copyright © 2019 express-validator</ section > </ footer > </ div > </ body > </ html >