
Error object includes expected regex pattern

Open erfanium opened this issue 4 years ago • 2 comments

This information can help attackers find valid patterns that cause problems or find a way to bypass validations. Too risky.

erfanium avatar Jun 06 '21 11:06 erfanium

Why does only the regex pattern cause this problem?

{ type: "string", min: 3, max: 6, alpha: true }

Same as

{ type: "string", pattern: /^[a-zA-Z]{3,6}$/ }

If it's a problem, it would be better to have a validator option to disable expected values, like errorExpectedValue: false

icebob avatar Jun 07 '21 07:06 icebob

validator option to disable expected values, like errorExpectedValue: false

Like it, it's a good way

If it's a problem...

In general, it's not. But people may carelessly use unsafe patterns from the web

erfanium avatar Jun 07 '21 07:06 erfanium
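
An added example, not part of the thread and not fastest-validator's own code: independently of any validator option, expected values can be kept out of API responses by filtering error objects at the boundary and logging the full detail server-side. The helper name `splitErrors`, the `SAFE_EXPECTED` allowlist and the sample errors are assumptions constructed for illustration; the error shape (`type`, `field`, `message`, `actual`, `expected`) is assumed to match what the validator returns.

```javascript
// Added example: hypothetical helper, not part of fastest-validator.
// Assumption: each error looks like { type, field, message, actual, expected }.

// Rule types whose `expected` value is safe to show (plain length limits).
// This allowlist is an assumption; anything not listed is redacted.
const SAFE_EXPECTED = new Set(["stringMin", "stringMax"]);

// Split a validation result into a client-safe view and a full server-side record.
function splitErrors(result) {
  if (result === true) return { ok: true, client: [], audit: [] };
  if (!Array.isArray(result)) throw new TypeError("expected true or an array of errors");

  const client = result.map((err) => {
    const out = { type: err.type, field: err.field };
    if (SAFE_EXPECTED.has(err.type)) {
      out.expected = err.expected;
      out.message = err.message;
    } else {
      // Generic text: the original message may interpolate the expected value.
      out.message = `The '${err.field}' field is invalid.`;
    }
    return out; // `actual` is never echoed back
  });

  // Full detail (pattern included) stays in server logs only.
  const audit = result.map((err) => ({ ...err }));
  return { ok: false, client, audit };
}

// Constructed sample in the validator's error shape (not real output).
const sampleErrors = [
  { type: "stringPattern", field: "code", actual: "ab1",
    expected: "/^[a-zA-Z]{3,6}$/",
    message: "The 'code' field fails to match the required pattern." },
  { type: "stringMin", field: "name", actual: 2, expected: 3,
    message: "The 'name' field length must be greater than or equal to 3 characters long." },
];

const { client, audit } = splitErrors(sampleErrors);
console.log(JSON.stringify(client, null, 2)); // what the API response carries
console.log(audit.length, "full errors kept for the server log");
```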