customSanitizer() called twice (once before, once after validation)

[pkyeck]

I created a super simple express setup with one validation-chain that includes a sanitizer:

'use strict';

const { check } = require('express-validator/check');
const express = require('express');
const moment = require('moment');

const app = express();
app.get(
  '/',
  [
    check('test')
      .custom(str => {
        console.log('validate', str);
        return moment(str, moment.ISO_8601, true).isValid();
      })
      .withMessage('test has to be date string YYYY-MM-DDTHH:mm:ss.SSS')
      .customSanitizer(value => {
        console.log('sanitize', value);
        const date = value !== null ? new Date(value) : null;
        return date;
      }),
  ],
  (req, res) => res.send('Hello World!')
);
app.listen(3000, () => console.log('Example app listening on port 3000!'));

I would expect that the custom validation runs first and if this is successful, the result will be sanitized.
But I get the following logs:

$ node test.js
Example app listening on port 3000!

sanitize xxx
validate Invalid Date
sanitize xxx

sanitize 2012-02-02T00:00:00.000Z
validate 2012-02-02T00:00:00.000Z
sanitize 2012-02-02T00:00:00.000Z

Sanitization is run twice and even once before the validation which in my opinion doesn't make any sense.

package.json

{
  "name": "test-validator",
  "version": "1.0.0",
  "dependencies": {
    "express": "^4.16.3",
    "express-validator": "^5.1.2",
    "moment": "^2.22.1"
  }
}

[orlavy-bigabid]

It is a problem which caused a lot of confusion and weird problems for me also.
In my opinion, the sanitizer should be called only once and in its proper location in the chain

[pkyeck]

the sanitizer should be called only once and in its proper location in the chain

that's what I thought

[gustavohenke]

Closed by f1f57d5

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.