javascript, node.js, validation, joi

How to add custom Validation in joi v14 to prevent HTML/script injection?


I want to add custom validation, but I get an error while I add custom

const Joi = require('joi');

// Throws when the value contains an HTML tag or a javascript: URL.
function isValidInput(value) {
  const regex = /<[^>]*>|javascript:/gi;
  if (regex.test(value)) {
    throw new Error('Input contains HTML tags or scripts');
  }
  // custom() uses the returned value as the validated value
  return value;
}

module.exports.placeOrder = Joi.object({
  buyer: Joi.object({
    id: Joi.string().guid().required(),
    name: Joi.string().required(),
    email: Joi.string().email().required(),
  }).required(),
  organisation: Joi.object({
    id: Joi.string().required(),
    title: Joi.string().required(),
  }).required(),
  updated_by: Joi.object({
    id: Joi.string().guid().required(),
    name: Joi.string().allow(null),
    email: Joi.string().allow(null),
  }).required(),
  program: Joi.array()
    .items(
      Joi.object({
        id: Joi.string()
          .regex(/^[a-zA-Z0-9-_]+={0,2}$/)
          .required(),
        producer: Joi.object({
          id: Joi.string().guid().required(),
          name: Joi.string().custom(isValidInput).required().allow(null),
          email: Joi.string().email().allow(null),
        }).required(),
        channel_partner: Joi.object({
          id: Joi.string().guid().required(),
          name: Joi.string().required(),
          email: Joi.string().required(),
        }).required(),
        igpid: Joi.string()
          .regex(/^[a-zA-Z0-9-_]+={0,2}$/)
          .optional(),
        title: Joi.string().required(),
        description: Joi.string().optional(),
        initial_units: Joi.number().integer().required(),
        program_source: Joi.string().required(),
        genome_insight: Joi.string().optional(),
        reach: Joi.number().integer().required(),
        available_units: Joi.number().integer().optional(),
        status: Joi.string().required(),
        sdg: Joi.object({
          program_sdg_names: Joi.array().items(Joi.string()).required(),
          program_sdg_targets: Joi.array().items(Joi.string()).required(),
        }).optional(),
      })
    )
    .required(),
});

I want to add custom validation so that no external HTML tags or script is injected. I want to ensure no malicious script could be injected into the request. I've got an error in the validation while I was using the joi version 14.

The error I receive when trying to run the validation is:

Joi.string().custom is not a function

Solution

  • Resolved Issue: Using Joi Version 14 versus Version 17

    I experienced an issue in my project and successfully handled it, and I wanted to share the answer here in case anyone else runs into a similar situation.

    The issue arose from utilizing an out-of-date version of Joi (version 14) in my project. The functionality I wanted, custom(), was unavailable in version 14. However, it was included in version 17.

    After upgrading to the most recent version of Joi (version 17), everything reverted to normal, and I was able to use the custom() method as intended.

    If you are experiencing similar problems with Joi, I suggest you upgrade to the most recent version to access all of the new features and bug fixes.

    I hope this helps.
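The validator from the question, written to the contract of Joi 17's custom() (throw to reject, return the value to accept), with a guard that reports a missing custom() clearly instead of failing with "is not a function". This is an added example, not code from the question or the answer; `rejectMarkup`, `safeString` and `check` are hypothetical names, and the sample inputs are constructed.

```javascript
'use strict';

// Same pattern as the question's check, compiled once. No /g flag: a shared
// global regex keeps lastIndex between .test() calls and can skip matches.
const MARKUP = /<[^>]*>|javascript:/i;

// Validator in the shape Joi 17's custom() expects: throw to reject,
// return the value to accept (a missing return leaves the field undefined).
function rejectMarkup(value) {
  if (typeof value === 'string' && MARKUP.test(value)) {
    throw new Error('Input contains HTML tags or scripts');
  }
  return value;
}

// Hypothetical helper: builds the string rule from whichever Joi module is
// passed in, and fails with a clear message when custom() is not available.
function safeString(Joi) {
  const base = Joi.string();
  if (typeof base.custom !== 'function') {
    throw new Error('This Joi version has no custom(); upgrade Joi first');
  }
  return base.custom(rejectMarkup, 'reject HTML tags and javascript: URLs');
}

// Usage with Joi 17 installed (not executed here):
//   const Joi = require('joi');
//   const producer = Joi.object({
//     id: Joi.string().guid().required(),
//     name: safeString(Joi).required().allow(null),
//   });

// Runs the validator over constructed samples without needing Joi.
function check(samples) {
  return samples.map((s) => {
    try {
      rejectMarkup(s);
      return 'ok';
    } catch (e) {
      return 'rejected';
    }
  });
}

console.log(check(['Acme Farms', '<script>alert(1)</script>', 'JavaScript:void(0)', 'a < b']));
```

The pattern is a denylist applied at input time, so values that pass it still need to be escaped wherever they are later rendered as HTML.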