Express framework, ~20 mins

Why input validation is critical in Express - Challenge Your Understanding

Challenge - 5 Problems
🧠 Conceptual
intermediate
Why is input validation important in Express apps?

Consider an Express app that accepts user data. Why must we validate inputs before processing?

A. To prevent malicious data causing security issues like injection attacks.
B. To make the app run faster by skipping checks.
C. To allow users to enter any data without restrictions.
D. To reduce the size of the app's codebase.
💡 Hint

Think about what happens if harmful data reaches your database or server.

component_behavior
intermediate
What happens if input validation is skipped in Express?

Given an Express route that saves user input to a database without validation, what is a likely outcome?

Express
app.post('/submit', (req, res) => {
  const userInput = req.body.data;
  database.save(userInput);
  res.send('Saved');
});
A. The app will reject all inputs by default.
B. The app will crash immediately on any input.
C. The app automatically cleans the data before saving.
D. The app may save harmful or malformed data, risking security and data integrity.
💡 Hint

Think about what happens if users send unexpected or malicious data.

📝 Syntax
advanced
Which Express middleware correctly validates JSON input?

Choose the middleware snippet that properly validates a JSON field 'age' to be a positive integer.

Express
const express = require('express');
const app = express();
app.use(express.json());
A
app.post('/user', (req, res) => {
  if (typeof req.body.age === 'number' && req.body.age > 0) {
    res.send('Valid age');
  } else {
    res.status(400).send('Invalid age');
  }
});
B
app.post('/user', (req, res) => {
  if (req.body.age) {
    res.send('Valid age');
  } else {
    res.status(400).send('Invalid age');
  }
});
C
app.post('/user', (req, res) => {
  if (req.body.age > 0) {
    res.send('Valid age');
  } else {
    res.status(400).send('Invalid age');
  }
});
D
app.post('/user', (req, res) => {
  if (typeof req.body.age === 'string') {
    res.send('Valid age');
  } else {
    res.status(400).send('Invalid age');
  }
});
💡 Hint

Check both type and value to ensure age is a positive number.

🔧 Debug
advanced
Why does this Express input validation fail?

Identify the reason this validation code does not reject invalid input:

Express
app.post('/data', (req, res) => {
  if (req.body.email && req.body.email.includes('@')) {
    res.send('Valid email');
  } else {
    res.status(400).send('Invalid email');
  }
});
A. It uses the wrong HTTP method for validation.
B. It throws an error if req.body.email is undefined, crashing the app.
C. It accepts empty strings as valid emails.
D. It correctly validates all emails.
💡 Hint

What happens if the client sends no 'email' field?

state_output
expert
What is the response when sending invalid input to this Express route?

Given this Express route with input validation, what response does the server send when 'username' is missing?

Express
app.post('/register', (req, res) => {
  const { username, password } = req.body;
  if (!username || username.length < 3) {
    return res.status(422).json({ error: 'Username too short or missing' });
  }
  if (!password || password.length < 6) {
    return res.status(422).json({ error: 'Password too short or missing' });
  }
  res.status(200).json({ message: 'User registered' });
});
A. {"message":"User registered"} with status 200
B. {"error":"Password too short or missing"} with status 422
C. {"error":"Username too short or missing"} with status 422
D. Server crashes with TypeError
💡 Hint

Check the validation order and conditions for missing 'username'.
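
An added example (not part of the original quiz): the truthiness, `.length` and `.includes` checks from the routes above, placed beside type-first checks, because a JSON body parsed by `express.json()` can carry arrays and numbers where a string is expected. All function names and sample bodies are constructed for illustration; trimming whitespace and the email pattern are assumptions, not rules stated on the page.

```javascript
// Added example, not code from the quiz. All names here are hypothetical.

// The page's checks, rewritten as predicates so they can be compared.
const looseUsername = (u) => !(!u || u.length < 3);
const looseEmail = (e) => Boolean(e && e.includes('@'));

// Type-first versions: confirm the JSON type, then check the value.
// Assumption: whitespace-only usernames are rejected via trim().
const strictUsername = (u) => typeof u === 'string' && u.trim().length >= 3;
// Assumption: minimal shape check (something@something, no whitespace).
const strictEmail = (e) => typeof e === 'string' && /^[^\s@]+@[^\s@]+$/.test(e);
// Number.isInteger does not coerce, so "30", 1.5, NaN and [5] all fail.
const strictAge = (a) => Number.isInteger(a) && a > 0;

// Returns the names of the fields that failed ([] means the body is valid).
function validateBody(body) {
  const b = body !== null && typeof body === 'object' ? body : {};
  const errors = [];
  if (!strictUsername(b.username)) errors.push('username');
  if (!strictEmail(b.email)) errors.push('email');
  if (!strictAge(b.age)) errors.push('age');
  return errors;
}

// Constructed sample bodies, shaped as express.json() would parse them.
const samples = [
  { username: 'alice', email: 'alice@example.com', age: 30 },
  { username: ['a', 'b', 'c'], email: ['@'], age: 1.5 }, // arrays have .length/.includes
  { username: '   ', email: '@', age: '30' },
];

for (const s of samples) {
  console.log(JSON.stringify(s));
  console.log('  loose username/email pass:', looseUsername(s.username), looseEmail(s.email));
  console.log('  strict errors:', validateBody(s));
}
```

In a route, the handler would return a 4xx response whenever `validateBody(req.body)` is non-empty, before the data reaches the database.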