blueberry6401
commented
9 months ago Never mind, the validate function returns validated data. I should use it.
Closed blueberry6401 closed 9 months ago
blueberry6401
commented
9 months ago Never mind, the validate function returns validated data. I should use it.
I think maybe this is a bug, or can lead to serious issues about handling user's input; or it's just me using it wrong.
Currently if I use
request.validate(), it will merge the query params and body to validate; while our app uses onlyrequest.body()to get inputs from users. So if therequest.body()contains invalid data, and user tricks the app with correct query params, it will pass the validation.Is this a bug or it suppose to do this?