Help with express-validator escape!

Hassanbhb · December 11, 2019, 11:58am

Hello,
I am using Express-validator for Validating user input in my project, and I am using the escape() function to prevent the user from trying to inject anything.

router.post(
  "/new/post",
  ensureAuthenticated,
  [
    check("newPost", "field must not be empty")
      .not()
      .isEmpty()
      .trim()
      .escape()
      .exists({ checkFalsy: true })
  ],
  (req, res) => { ...rest of code... };

my problem is I want to only escape these “<” and “>” but not the ’ and " and &. how do I do this?

lasjorg · December 11, 2019, 3:22pm

Do you actually need escape or are you just trying to disallow < and > ? There is a blacklist sanitizer you can use to remove characters.

Topic		Replies	Views
How can I whitelist a character from being escaped in express-validator? JavaScript	2	2118	February 2, 2021
Api sanitization Backend Development	1	134	January 7, 2025
Express validation help needed	1	378	June 1, 2021
Popular nodejs/expressjs libraries JavaScript	1	254	July 24, 2021
Problem with express route (url-shortener project)	2	595	January 16, 2021

Help with express-validator escape!

Related topics