
How to add custom Validation in joi v14 to prevent HTML/script injection?


I want to add custom validation, but I get an error while I add custom

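const Joi = require('joi');

// Custom rule: reject values that contain HTML tags or a javascript: URL.
function isValidInput(value) {
  const regex = /<[^>]*>|javascript:/gi;
  if (regex.test(value)) {
    throw new Error('Input contains HTML tags or scripts');
  }
  // custom() uses the returned value as the validated value.
  return value;
}

module.exports.placeOrder = Joi.object({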
  buyer: Joi.object({
    id: Joi.string().guid().required(),
    name: Joi.string().required(),
    email: Joi.string().email().required(),
  }).required(),
  organisation: Joi.object({
    id: Joi.string().required(),
    title: Joi.string().required(),
  }).required(),
  updated_by: Joi.object({
    id: Joi.string().guid().required(),
    name: Joi.string().allow(null),
    email: Joi.string().allow(null),
  }).required(),
  program: Joi.array()
    .items(
      Joi.object({
        id: Joi.string()
          .regex(/^[a-zA-Z0-9-_]+={0,2}$/)
          .required(),
        producer: Joi.object({
          id: Joi.string().guid().required(),
          name: Joi.string().custom(isValidInput).required().allow(null),
          email: Joi.string().email().allow(null),
        }).required(),
        channel_partner: Joi.object({
          id: Joi.string().guid().required(),
          name: Joi.string().required(),
          email: Joi.string().required(),
        }).required(),
        igpid: Joi.string()
          .regex(/^[a-zA-Z0-9-_]+={0,2}$/)
          .optional(),
        title: Joi.string().required(),
        description: Joi.string().optional(),
        initial_units: Joi.number().integer().required(),
        program_source: Joi.string().required(),
        genome_insight: Joi.string().optional(),
        reach: Joi.number().integer().required(),
        available_units: Joi.number().integer().optional(),
        status: Joi.string().required(),
        sdg: Joi.object({
          program_sdg_names: Joi.array().items(Joi.string()).required(),
          program_sdg_targets: Joi.array().items(Joi.string()).required(),
        }).optional(),
      })
    )
    .required(),
});

I want to add custom validation so that no external HTML tags or scripts are injected. I want to ensure no malicious script could be injected into the request. I've got an error in the validation while I was using joi version 14.

The error I receive when trying to run the validation is:

Joi.string().custom is not a function

Solution

  • To resolve this issue, I upgraded to Joi version 17, which includes the custom() method and other new features. Here’s how you can do the same:

    Upgrade Joi to the Latest Version: Run the following command in your terminal to update Joi to the latest version:

    npm install joi@latest
    

    Or, if you're using Yarn:

    yarn add joi@latest
    

    Verify the Installation: After upgrading, verify that the correct version of Joi is installed by checking your package.json file or running:

    npm list joi
    

    Use the custom() Method: With Joi version 17, you can now use the custom() method to define custom validation rules
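
A custom rule for Joi 17 that reports a regular validation error instead of throwing, written here as an added example rather than code from the original post. The names `noMarkup`, `buildProducerSchema`, `check` and `stubHelpers`, and the sample values, are assumptions; the Joi part runs only when `joi` is installed and provides `custom()`.

```javascript
// Added example (not from the post). Helper names and sample values are constructed.
let Joi = null;
try { Joi = require('joi'); } catch (_) { /* joi absent: noMarkup is still testable */ }

// No `g` flag: a global regex carries lastIndex across .test() calls, so a
// pattern shared at module scope would alternately match and miss.
const MARKUP = /<[^>]*>|javascript:/i;

// Joi 17 custom rule. Signature is (value, helpers); the return value becomes
// the validated value, so return `value` on success.
function noMarkup(value, helpers) {
  if (MARKUP.test(value)) {
    return helpers.error('any.invalid'); // reported as a normal Joi validation error
  }
  return value;
}

// The `producer` object from the question's schema, with the rule attached.
function buildProducerSchema(joi) {
  return joi.object({
    id: joi.string().guid().required(),
    name: joi.string().custom(noMarkup, 'no HTML tags or javascript: URLs').allow(null).required(),
    email: joi.string().email().allow(null),
  }).required();
}

// Minimal stand-in for Joi's helpers so the rule can be exercised on its own.
const stubHelpers = { error: (code) => ({ rejected: code }) };
function check(value) {
  const out = noMarkup(value, stubHelpers);
  return out === value ? 'ok' : out.rejected;
}

// Joi 14 has no custom(), which is the error in the question; guard on it.
if (Joi && typeof Joi.string().custom === 'function') {
  const schema = buildProducerSchema(Joi);
  const id = '123e4567-e89b-12d3-a456-426614174000'; // constructed GUID
  for (const name of ['Acme Farms', '<b>Acme</b>', null]) {
    const { error } = schema.validate({ id, name });
    console.log(JSON.stringify(name), error ? error.message : 'valid');
  }
} else {
  console.log(check('Acme Farms'), check('<b>Acme</b>'));
}
```

A pattern check like this rejects only obvious markup at the input boundary; encoding the value wherever it is later rendered is still what prevents script execution.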