Express is utilizing HTML entities for formatting JSON data

We are encountering a problem with our NodeJS application which is based on express and body-parser. The issue arises when certain characters in the REST requests, sent in JSON format, get HTML/XML escaped unexpectedly. We suspect that something within either express or body-parser is causing this behavior, but pinpointing the exact cause has proven to be challenging.

During testing, we used curl to make a request:

curl 'http://localhost:6009/stores/1561289s12' \
  -X 'PUT' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Content-Type: application/json; charset=utf-8' \
  --data-raw $'{"name":"O\'Neil"}' \
  --compressed

Upon examining the value of name in req.body on the server, we noticed it appears as:

O'Neil

Our suspicions lean towards express or body-parser causing this transformation, especially since Wireshark captures the body in its original form.

The JSON parsing was initiated in the following manner:

app.use(express.json({}));
  • Express version: 4.17.1
  • Node JS version: 14.15.1

This project also utilizes express-validator.

If anyone has insights into what might be causing this issue, please share your thoughts.

node.jsjsonexpress

Answer №1

It's important to note that express-validator not only validates, but also has the capability to modify or sanitize data. Therefore, if any changes are seen in the data between receiving and viewing it in req.body, checking the validator settings is a good starting point.

In this scenario, the issue can be linked to the usage of escape: true or escape(), which add HTML style entities to the values.

An example of sanitizing data using express validators:

export default [
  body('name').trim().escape()
]

export default {
    name: {
        in: ['body'],
        trim: true,
        escape: true
}

The problem can be resolved by removing the 'escape' option or function call.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Adding turbolinks to an HTML document can be achieved without the need for a

Recently delving into the world of turbolinks, I discovered that it can be employed independently without relying on a client-side javascript framework. Eager to test this out, I created a bootstrap 4 template and attempted to install it. Firstly, I downl ...

javascripthtmlnode.jsbootstrap-4turbolinks

Are there any security measures integrated into ExpressJS?

In my quest for information, I scoured the documentation but unfortunately found no details on the security measures offered by ExpressJS. As I am more familiar with Node's HTTP module, I presume that is what I will be comparing it to ...

node.jsexpress

The command npm/cucumber - '.' is not recognized as a valid internal or external command

I recently installed npm and it's showing version 9.2.0. But when I try to run the command npm run test, I encounter an error stating that '.' is not recognized as an internal or external command. I have double-checked my environment variabl ...

node.jsnpmcucumber

Is AngularJS primarily a client-side or server-side framework, or does it have elements

Is it possible to connect to the database on the server side? I have experience using it on the client side, but can the same method be used on the server side? If it's not suitable for server-side use, should I go with PHP or Node.js for designing ...

phpnode.jsangularjs

Node.js and the Eternal Duo: Forever and Forever-Montior

Currently, I am utilizing forever-monitor to launch a basic HTTP Node Server. However, upon executing the JavaScript code that triggers the forever-monitor scripts, they do not run in the background. As a result, when I end the TTY session, the HTTP server ...

javascriptnode.jshttpforever

Why is my host address not being recognized by nodejs v5.10.1 anymore?

Why is the latest version of Node.js (v5.10.1) no longer able to retrieve my host address? Here's the Express code snippet: var express = require('express'); var app = express(); // Respond with "Hello World!" on the homepage app.get(&apo ...

linuxnode.jsexpress

Unusual behavior encountered with JSON, exploring the scope of a JavaScript variable

In my PHP code, I have an array stored in the variable $result. After using echo json_encode($result);, the output is: [{"id":"4","rank":"adm","title":"title 1"}, {"id":"2","rank":"mod",,"title":"title 2"}, {"id":"5","rank":"das","title":"title 3"}, {"id ...

phpjson

Ways to halt the expressjs server

After deploying my express and nextjs based app on EC2, I encountered an issue where the server automatically starts Nginx and node with different process IDs after I attempt to stop it by killing the process. This is happening even without using tools lik ...

node.jsexpressnginxamazon-ec2next.js

utilizing nodejs' request.end() method prior to establishing the event listeners

According to the nodejs documentation found at http://nodejs.org/api/http.html#http_event_connect_1, there is a concern with the example code provided. In this code snippet, the request.end() function is called before setting up the listeners (req.on(...) ...

node.js

What are the steps to resolving a Dockerfile error regarding permission denied for /app?

Here is the Dockerfile for my node.js project: FROM node:14.16.0-alpine3.13 RUN addgroup app && adduser -S -G app app RUN mkdir /app && chown app:app /app USER app WORKDIR /app COPY package*.json ./ RUN npm install COPY . . EXPOSE 80 CM ...

node.jsdockernpmdocker-composedockerfile

When running `npm run start`, the node_modules folder may not be located on non-Windows operating systems

Having created a Node.js application using Hapi on Windows 10, everything worked fine when testing it locally. The 'start' script inside the package.json file ran without any issues: "scripts": { "start": "nodemon -e * . ...

node.jslinuxnpmnodemonhapi.js

The asynchronous method in a Mongoose schema does not pause for completion

Here is the code snippet that I am currently working on: const user = await User.findOne({ email }).select('+password'); console.log(' user value : ', user); const boolean = await user.comparePassword(password, user.password); console.l ...

node.jsexpressmongoose

How can I troubleshoot and resolve this npm error that's causing issues for my project?

$npm start npm ERR! code ENOENT npm ERR! syscall open npm ERR! path /home/gatua/package.json npm ERR! errno -2 npm ERR! enoent ENOENT: no such file or directory, open '/home/gatua/package.json' npm ERR! enoent This error is due to npm not ...

node.jsnpm

Navigating between multiple Angular applications using Express

In my project, I am facing an issue with the file structure. I have a server folder and a client folder which includes two Angular apps: one for the website and one for the dashboard. If you want to check out the code, it's available at this link. A ...

angularjsnode.jsexpressroutesangular-ui-router

Establish a global variable within the utils.js module in a Node.js environment

Hey there, I'm currently in the process of trying to figure out how to properly define a global variable in node.js. I am aware that it's not considered best practice, but in this specific scenario, it seems like the only way to go without involv ...

javascriptnode.jsexpress

What is the process for sending a POST Request to Ghostbin using Node.JS?

I'm attempting to make a POST request to Ghostbin using Node.JS and the request NPM module. Below is the code I have been utilizing: First Try: reqest.post({ url: "https://ghostbin.com/paste/new", text: "test post" }, function (err, res, body) ...

javascriptnode.jspostrequesthttprequest

Webpack fails to transmit watchOptions to the watcher

Having an issue with webpack and wondering if fixing it will require forking the repo. Also, seeking guidance on merging it back in. The problem arises when using the webpack npm module environment in a development virtual machine where code is edited on ...

node.jswebpack

How do I add JSON data to a menu using PHP?

I have a JSON file for my menu structured like this: [{"slug":"index.php","name":"Home"},{"slug":"aboutus","name":"About us","children":[{"slug":"eims","name":"Eims"},{"slug":"vision","name":"Vision"}]},{"slug":"trash","name":"Trash","children":[{"slug":" ...

phpjson

JOLT specification for transforming a deeply nested JSON into a flattened JSON format

Seeking assistance on the Jolt specification needed to convert a nested JSON structure into a denormalized JSON. Input: { header : company: "ABC", ip: 10.3.2.4, network : [ {url:"http://abc.in", "latency":2000}, {url:"http://xzy.au", "l ...

jsondenormalizationjolt

What are the reasons for the failure of parsing this specific Twitter JSON file using Angular $http, and how can I troubleshoot and resolve the issue

After finding a JSON example on the following website (located at the bottom): , I decided to save it to a file on my local system and attempt to retrieve it using Angular's $http service as shown below: To begin, I created a service: Services.Twitt ...

javascriptajaxjsonangularjs