Win a copy of Fixing your Scrum this week in the Agile forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Rob Spoor
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Holloway
  • Piet Souris
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Frits Walraven
  • Himai Minh

Data types of request variables (Express)

 
Ranch Hand
Posts: 386
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello! Long time no ranch! Whilst longing for a similar JS community I thought I'd double check if there was actually a sub-forum here...  and here it is

Anyway, I've been a bit confused lately whilst trying to test my server side validation and thought someone here might be able to enlighten me

I've been using express-validator's `isString()` method, and suddenly realised that all my client -> server communication comes in as JSON anyway, so is in effect, a string. In other words, why would I ever check whether `req.body.exampleVar` is a string?

I've considered leaving the `isString` check in place, just to be sure, but because I can't pass an integer anyway I can't test if the validation is even working!

I guess what I'm saying is that there's a hole in my knowledge here, and I'd appreciate it if anyone knows either a simple answer or of a good resource I could read on the topic


Thanks!

Nick

PS: is Roel still about?
 
Sheriff
Posts: 67580
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Request parameters are always strings. So checking them as such isn't really checking anything.
 
nick woodward
Ranch Hand
Posts: 386
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Request parameters are always strings. So checking them as such isn't really checking anything.



That's kind of what I thought. But then I started questioning whether it was because I was using application/json as the content type, or some similar reason.

So if there's no scope for someone passing data that isn't a string, why on earth would express-validator have a `isString()` method? Weird.

Thanks for the reply!

Nick
 
Bear Bibeault
Sheriff
Posts: 67580
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Are you talking about request parameters or the request body?

Both are always strings, but the body is interpreted by the content type mime type (in this case application/json).

For example, if the body represents a binary type (e.g. JPEG image), it'll be passed as the image data encoded as a string (base64 if I recall correctly).

JSON is a string. The mime type tells the receiver that the string in the body is to be interpreted as JSON.
 
nick woodward
Ranch Hand
Posts: 386
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Are you talking about request parameters or the request body?

Both are always strings, but the body is interpreted by the content type mime type (in this case application/json).

For example, if the body represents a binary type (e.g. JPEG image), it'll be passed as the image data encoded as a string (base64 if I recall correctly).

JSON is a string. The mime type tells the receiver that the string in the body is to be interpreted as JSON.



The body itself - and I use `express.json()` on the server side. So should that be converting each variable (as in req.body.x, req.body.y) to it's intended type? If that's true (and it sounds like it is from your JPEG example) then it's not working as intended, but at least I now know where to look, and that I should probably still validate against types that aren't strings

Thanks!
 
nick woodward
Ranch Hand
Posts: 386
12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So on the off chance that someone makes the same mistake as me, what I've discovered is that:

1) When `express.urlencoded()` processes FormData it always seems to convert numbers to strings. Whereas `express.json()` for appplication/json data does not.

2) (and this is the annoying one) `express-validator` has methods that are converting numbers to strings. So `.escape().isString()` won't work, but `isString().escape()` will.

I'm no expert but #2 seems pretty short-sighted for a package validating inputs!
 
What a show! What atmosphere! What fun! What a tiny ad!
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic