Passing an array containing an object with .toString set to a string will break all methods of validator.js #486
Comments
Have you tried the latest version ( Your example |
Yes, I'm using the latest version. |
Ah I see that it's the native
> validator.toString([{toString: 'foo'}])
TypeError: Cannot convert object to primitive value
at Array.toString (native)
at Object.validator.toString (/Users/chris/Documents/personal/validator.js/validator.js:132:31)
Note the same thing happens when the object is deeply nested:
> validator.toString([[[[[[[[[{toString: 'foo'}]]]]]]]]])
TypeError: Cannot convert object to primitive value
at Array.toString (native)
at Array.toString (native)
at Array.toString (native)
at Array.toString (native)
at Array.toString (native)
at Array.toString (native)
at Array.toString (native)
at Array.toString (native)
at Array.toString (native)
at Object.validator.toString (/Users/chris/Documents/personal/validator.js/validator.js:132:31)
What do you expect to happen here? The only way to avoid an error like this is to do a deep scan of all array elements. The library is for validating strings so really this is outside the scope of the library. The alternative is just to drop calling
diff --git i/validator.js w/validator.js
index 52ba176..7cc1a95 100644
--- i/validator.js
+++ w/validator.js
@@ -127,13 +127,7 @@
};
validator.toString = function (input) {
- if (typeof input === 'object' && input !== null) {
- if (typeof input.toString === 'function') {
- input = input.toString();
- } else {
- input = '[object Object]';
- }
- } else if (input === null || typeof input === 'undefined' || (isNaN(input) && !input.length)) {
+ if (input === null || typeof input === 'undefined' || (isNaN(input) && !input.length)) {
input = '';
}
return '' + input;
This is a reasonably large breaking change though. |
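Review bot: With the `typeof input === 'object'` branch removed, objects and arrays now reach `isNaN(input)` in the remaining condition, and both `isNaN(input)` and the final `'' + input` coerce implicitly, so they perform the same `toString` lookup that the removed branch did explicitly. An input such as `[{toString: 'foo'}]` would therefore still raise the TypeError, and a bare `{toString: 'foo'}`, which the removed branch mapped to `'[object Object]'`, would start throwing as well. Consider checking `typeof input` before the `isNaN` test, or wrapping the coercion in try/catch and treating a failure as invalid input. A comment on `validator.toString` stating which input types are supported would also help.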
Just a note that passing an object containing
> validator.toString({toString: 'foo'})
'[object Object]'
The object has to be nested in an array for the error to occur:
> validator.toString([{toString: 'foo'}])
TypeError: Cannot convert object to primitive value
at Array.toString (native)
at Object.validator.toString (/Users/chris/Documents/personal/validator.js/validator.js:132:31)
at repl:1:11
at REPLServer.defaultEval (repl.js:252:27)
at bound (domain.js:287:14)
at REPLServer.runBound [as eval] (domain.js:300:12)
at REPLServer.<anonymous> (repl.js:417:12)
at emitOne (events.js:95:20)
at REPLServer.emit (events.js:182:7)
at REPLServer.Interface._onLine (readline.js:211:10)
Also note that |
Yeah I'm inclined to say that guarding against this is outside the scope of the library. Messing with
The following also breaks the library:
validator.isEmail({toString: function () { throw new Error(); }});
We obviously shouldn't have to guard against that or suppress the error by wrapping the
If you want to check untrusted input then you could coerce it yourself:
try {
    // coerce to a string
    untrusted_input += '';
} catch (err) {
    // input is invalid
} |
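The caller-side coercion suggested above, as an added example that is not part of the original thread or of validator.js's own code. The helper names `coerceUntrusted`, `requireString` and `strictOk` are hypothetical, and the sample inputs are constructed from the cases reported in this issue.

```javascript
'use strict';

// Hypothetical helper (not part of validator.js): coerce untrusted input to a
// string without letting a malformed or throwing toString escape to the caller.
function coerceUntrusted(input) {
  if (typeof input === 'string') {
    return { ok: true, value: input };
  }
  try {
    // The same implicit coercion the thread discusses. For arrays this calls
    // toString on every element, at any nesting depth.
    return { ok: true, value: '' + input };
  } catch (err) {
    // Non-callable toString, a toString that throws, a Symbol, and so on.
    return { ok: false, value: null, reason: err.name };
  }
}

// Stricter policy, matching the "strings only" check floated for v5.
function requireString(input) {
  if (typeof input !== 'string') {
    throw new TypeError('this library validates strings only');
  }
  return input;
}

function strictOk(input) {
  try { requireString(input); return true; } catch (err) { return false; }
}

// Constructed sample inputs based on the cases in this issue.
const samples = [
  ['plain string', 'foo@example.com'],
  ['object, toString is a string', { toString: 'foo' }],
  ['array wrapping that object', [{ toString: 'foo' }]],
  ['deeply nested array', [[[[{ toString: 'foo' }]]]]],
  ['toString that throws', { toString() { throw new Error('boom'); } }],
];

function classify() {
  return samples.map(([label, input]) => ({
    label, coerced: coerceUntrusted(input).ok, strict: strictOk(input),
  }));
}

for (const row of classify()) {
  console.log(row.label.padEnd(30), 'coerce ok:', row.coerced, '| strict ok:', row.strict);
}
```

Only the plain string passes either policy; every other sample is rejected before it can reach a validator call.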
Indeed dropping The following code will always return true, which is technically not accurate.
Don't know if it's intentional or not, but again, thanks for this great library! |
Agreed that it's not ideal. I've tried to make the fact that the library validates strings only very clear. In v5 I might look at removing string coercion altogether, since it seems to be a major source of confusion/bugs:
if (typeof input !== 'string') {
    throw new Error('this library validates strings only');
}
That'd be a bit of a breaking change 😉 |
Good Idea! A deprecation notice would be a great way to start. |
I see no logic in printing the deprecation warning when calling |
@pesho |
The following will break:
The reason is because calling .toString() here will natively call toString on every index of the array and since in our case, toString isn't a function, it will simply throw an exception.