Are inputs passed through validate() sanitized?


Are all inputs passed through validate() or validateAll() sanitized automatically as part of the process, must I sanitize() them first? I thought this might be a stupid question since anything matching a alpha_numeric rule would fail if it contained XSS code, however, if just a required rule was used, would it be sanitized automatically?


You will need to sanitise the input, yes. Validate only runs through the checks you’ve implemented, such as if password matches, or username is right length, email exists etc,…

You will need to use

const { sanitize } = use('Validator')
const data = sanitize(request.all(), rules)

check this for more info.