Post `check()` allows empty strings
kylefox opened this issue · 0 comments
kylefox commented
In Creating Posts the following code is added to lib/collections/posts.js
to validate postAttributes
:
check(postAttributes, {
title: String,
url: String
});
However, this provides no enforcement on string length and thus allows the user to submit an empty form, creating a document with empty attributes.
According to the Match Patterns documentation, the correct approach is to use Match.Where(condition)
to ensure the string is not empty:
NonEmptyString = Match.Where(function (x) {
check(x, String);
return x.length > 0;
});
check(postAttributes, {
title: NonEmptyString,
url: NonEmptyString
});