im using socket.io in expressjs 3. And i want to sanitize ining messages with express-validator. I have this code:

var expressValidator = require('express-validator')
, sanitize = require('express-validator').sanitize;

socket.on('chat', function (data) {
    io.sockets.in('test').emit('chat', {
            user: sh.session.user,
            message: data.message,
            time: new Date()
    });
});

how do i use sanitize(data.message).xss? Because this does not work.

im using socket.io in expressjs 3. And i want to sanitize ining messages with express-validator. I have this code:

var expressValidator = require('express-validator')
, sanitize = require('express-validator').sanitize;

socket.on('chat', function (data) {
    io.sockets.in('test').emit('chat', {
            user: sh.session.user,
            message: data.message,
            time: new Date()
    });
});

how do i use sanitize(data.message).xss? Because this does not work.

• javascript
• node.js
• express
• xss
• socket.io

Share Improve this question Follow asked Jun 2, 2012 at 12:18 georgesampergeorgesamper 5,17955 gold badges4444 silver badges6060 bronze badges

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 10

In this case you want to use validator instead of express-validator. First install it thru npm:

npm install validator

Then use it pretty much the same way:

var sanitize = require('validator').sanitize;

// later on
message = sanitize(data.message).xss()

The reason for this is because express-validator is used for when you are dealing with an HTTP request that went thru expressjs. In the case of Websockets, you are not going thru expressjs, but rather just listening on the same port as it. So express-validator is not actually "present" in the context of your Websocket's data event.