
express-html-validator

Package overview: 6 dependencies, 4 maintainers, 9 versions.


Automatic HTML validation middleware for Express applications.


Weekly downloads: 355 (increased by 4.41%)

Changelog

0.2.4

  • Updated various dependencies.

Readme

express-html-validator

A middleware for the Express framework that automatically validates the HTML on all your Express routes, powered by html-validate. This module was built and is maintained by the Roosevelt web framework team, but it can be used independently of Roosevelt as well.

Usage

First declare express-html-validator as a dependency in your app.

Then require the package into your application and call its constructor, passing along your Express app:

Usage with CommonJS:

const path = require('path')
const express = require('express')
const expressValidator = require('express-html-validator')
const app = express()
const config = {}
// Assumed location of the static HTML files; adjust to your app
const publicDir = path.join(__dirname, 'public')

// Generally this would be used in development mode
if (process.env.NODE_ENV === 'development') {
  expressValidator(app, config)
}

// expressValidator should be called before defining routes
app.get('/', (req, res) => {
  // This HTML response will be validated in real time as it's sent
  res.sendFile(path.join(publicDir, 'index.html'))
})

Usage with ES modules:

import express from 'express'
import expressValidator from 'express-html-validator'
import { fileURLToPath } from 'url'
import { dirname } from 'path'
const router = express.Router()
const app = express()
const config = {}
const __filename = fileURLToPath(import.meta.url)
const __dirname = dirname(__filename)

// Generally this would be used in development mode
if (process.env.NODE_ENV === 'development') {
  expressValidator(app, config)
}

// expressValidator should be called before defining routes
router.get('/', (req, res) => {
  // This HTML response will be validated in real time as it's sent
  res.sendFile(__dirname + '/index.html')
})

// Mount the router on the app so its routes are served
app.use(router)

You can also run the validator on arbitrary strings outside of the Express context (example in CommonJS):

const config = {}
const expressValidator = require('express-html-validator')(config)

const someHtml = `<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Some HTML that will not validate</title>
</head>
<body>
  <p>hello world</p></p>
</body>
</html>`

const validationResult = expressValidator(someHtml)

Since the example HTML is not valid, if you display the contents of validationResult in a browser, you will see validation errors.

Configuration

Optionally you can pass this module a set of configs:

  • exceptions: A set of params that can be used to prevent validation in certain scenarios:

    • header [String]: A custom header that, when set, disables the validator on a per-request basis.

      • Default: 'Partial'.
    • modelValue [String]: An entry in the data model passed along with a res.render that, when set, disables validation of the rendered HTML.

      • Default: '_disableValidator'
  • validatorConfig [Object]: html-validate configuration that determines what errors the validator looks for.

    • Note: The full list of available validator rules can be found here.

    • Note: This configuration can also be set by a .htmlValidate.json file placed in your app root directory.

    • Default:

      {
        "extends": ["html-validate:standard"]
      }
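
As an added example (not taken from the package's README), here is a `.htmlValidate.json` that keeps the default preset and explicitly enables two html-validate rules with security relevance: `require-sri` for subresource integrity and `no-inline-style`, which helps keep pages compatible with a strict Content-Security-Policy. The choice of rules, severities and options is an assumption about what a project might want.

```json
{
  "extends": ["html-validate:standard"],
  "rules": {
    "require-sri": ["error", { "target": "crossorigin" }],
    "no-inline-style": "warn"
  }
}
```

With `target` set to `crossorigin`, `require-sri` only reports resources loaded from another origin that lack an `integrity` attribute.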
      


Last updated on 04 Dec 2023
