-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dangerous and incorrect int and float validation and parsing #921
Comments
The scenario and your request are different. We can solve that issue by comparing the final coerced value with the input value but this is completely unrelated to removing the parsing stuff. |
I touched on this with #479 but was told it doesn't exist. lt does, but I haven't had time to produce a unit test to prove it. I'm not sure about things like "0,8", but I can say for sure that it is not doing "strong" typing as you would want with GraphQL. Instead, it is using JavaScript type coercion which cuts the legs out from under GraphQL typing a bit. A value like "3.1415" submitted on a |
The int and float validation made by this library are not working correctly. They not only fail to validate the input values but they also incorrectly parse and modify the input values.
https://github.com/Urigo/graphql-scalars/blob/master/src/scalars/utilities.ts#L100
For example if your field is of type
float
and your input value is eg string0,8
what would you expect to happen?You probably would expect that a string doesn't pass validation for a field of type float, but you'd be wrong. The string
0,8
passes validation.Because the library uses
parseFloat
the input value will be changed to the number0
once the library is done with it.I think the int and float validation should be reworked to not use any sort of parsing.
The text was updated successfully, but these errors were encountered: