Use case of sanitize middlewares

[BigFax]

It's possible to use sanitize methods (trim, normalizeEmail, escape...) in validators :

body('q')
  .trim()

I don't understand when sanitize middleware are required :

sanitizeBody('q')
  .trim()

These two examples are the same for me.

Someone could explain me ?

[usamamashkoor]

did you find solution i am facing the same problem...?

[BigFax]

I am using validator body('q').trim(), but i still don't get when to use sanitizeBody('q').trim().

In the doc here, it is mentionned that if the field isn't validated we may use sanitizeBody(). But it looks like it is the same behavior as body().

Maybe sanitize middlewares was useful in previous versions but not anymore.

[usamamashkoor]

@BigFax Thanks for quick reply but if it is not working then how we can handle the xss attacks on input...?

[BigFax]

It is working fine. My question isn't about XSS.

Check here for XSS : https://github.com/cure53/DOMPurify

[usamamashkoor]

@BigFax the above link is not working can you please chcek it...?

[gustavohenke]

@BigFax indeed the sanitization middlewares don't have a big space these days.
They were mostly carried over from legacy APIs to the new ones, and they don't do anything special.
Will introduce some deprecation notices and eventually remove them.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.