Browse Source

fix(whitespace): Trim whitespace and quotes before checking text length

Previously, our text sanitizer code did not trim whitespace before
checking that the string was non-empty. This lead to strings consisting
only of whitespace being treated as valid. Not all our downstream
services (such as libpostal) accept whitespace-only input, so this
causes a rather harsh error.

This PR builds upon the code in https://github.com/pelias/api/pull/1170
and moves the trimming code above the nonEmptyString check. Now, a
whitespace-only input string produces the normal error for empty input.

Fixes https://github.com/pelias/api/issues/1158
pull/1171/head
Julian Simioni 7 years ago
parent
commit
9a0f182fb2
No known key found for this signature in database
GPG Key ID: B9EEB0C6EE0910A1
  1. 7
      sanitizer/_text.js
  2. 14
      test/unit/sanitizer/_text.js

7
sanitizer/_text.js

@ -13,11 +13,12 @@ function _sanitize( raw, clean ){
// invalid input 'text'
// must call `!check.nonEmptyString` since `check.emptyString` returns
// `false` for `undefined` and `null`
if( !check.nonEmptyString( raw.text ) ){
messages.errors.push('invalid param \'text\': text length, must be >0');
const text = _.trim( _.trim( raw.text ), QUOTES );
if( !check.nonEmptyString( text ) ){
messages.errors.push('invalid param \'text\': text length, must be >0');
} else {
clean.text = _.trim( _.trim( raw.text ), QUOTES );
clean.text = text;
}
return messages;

14
test/unit/sanitizer/_text.js

@ -124,6 +124,20 @@ module.exports.tests.text_parser = function(test, common) {
t.deepEquals(validParameters, expected);
t.end();
});
test('whitespace-only input counts as empty', (t) => {
const raw = { text: ' ' };
const clean = {};
const expected_clean = {};
const messages = sanitizer.sanitize(raw, clean);
t.deepEquals(clean, expected_clean);
t.deepEquals(messages.errors, ['invalid param \'text\': text length, must be >0']);
t.deepEquals(messages.warnings, [], 'no warnings');
t.end();
});
};
module.exports.all = (tape, common) => {

Loading…
Cancel
Save