109109< h1 > Lab Exercise input1</ h1 >
110110< p >
111111This is a lab exercise on developing secure software.
112- For more information, see the < a href ="introduction.html "> introduction to
112+ For more information, see the < a href ="introduction.html " target =" _blank " > introduction to
113113the labs</ a > .
114114
115115< p >
116- < h2 > Task </ h2 >
116+ < h2 > Goal </ h2 >
117117< p >
118- < b > Please change the code below so the query parameter
119- < tt > id</ tt > < i > must</ i > be an integer between 1 and 9999 (including
120- those numbers).</ b >
118+ Practice validating input of a simple data type.
121119
122120< p >
123121< h2 > Background</ h2 >
@@ -130,18 +128,14 @@ <h2>Background</h2>
130128
131129< p >
132130<!-- https://expressjs.com/en/guide/routing.html -->
133- Express allows us to state that when the system receives
134- an HTTP < tt > get</ tt > request for a given route
135- (e.g., < tt > /invoices</ tt > ), Express will run a list of functions ("handlers").
131+ Express allows us to state that when the system receives a specific request,
132+ it will run a list of functions ("handlers").
136133The library < tt > express-validator</ tt > provides a set of validation functions
137134to make it easy to add validation checks.
138135
139136< p >
140137The code below sets up handlers for a < tt > get</ tt > request on path
141138< tt > /invoices</ tt > .
142- This code could be triggered, for example, by requesting
143- < tt > http://localhost:3000/invoices?id=1</ tt >
144- (if it was running at < tt > localhost</ tt > and responding to port 3000).
145139If there are no validation errors, the code is supposed to show the invoice id.
146140If there is a validation error, it responds with HTTP
147141error code 422 ("Unprocessable Content"), a status code suggesting
@@ -164,25 +158,25 @@ <h2>Background</h2>
164158< p >
165159< h2 > Task Information</ h2 >
166160< p >
167-
168- < p >
169- To complete this task,
170- after the first parameter to < tt > app.get</ tt >
161+ To complete this task:
162+ < ol >
163+ < li > After the first parameter to < tt > app.get</ tt >
171164which says < tt > '/invoices'</ tt > ,
172165add a new comma-separated parameter.
173- Start this new parameter with
166+ < li > Start this new parameter with
174167< tt > query('id')</ tt > to select the
175168< tt > id</ tt > parameter for validation (we've filled in this part
176169to help get you started).
177- After < tt > query('id')</ tt > (and before the terminating comma),
170+ < li > After < tt > query('id')</ tt > (and before the terminating comma),
178171add a period (< tt > .</ tt > ) and the validation requirement
179172< tt > isInt()</ tt > (< tt > isInt</ tt > validates that the named parameter is
180173an integer).
181- The < tt > isInt</ tt > method takes, as an optional parameter inside
174+ < li > The < tt > isInt</ tt > method takes, as an optional parameter inside
182175its parentheses,
183176an object providing a minimum and maximum, e.g.,
184177< tt > isInt({min: YOUR_MINIMUM, max: YOUR_MAXIMUM})</ tt > .
185178Set < tt > min</ tt > and < tt > max</ tt > to specify the allowed range.
179+ </ ol >
186180
187181< p >
188182Note: JavaScript names are case-sensitive, so < tt > isint</ tt > won't work.
@@ -197,6 +191,10 @@ <h2>Task Information</h2>
197191< p >
198192< h2 > Interactive Lab (< span id ="grade "> </ span > )</ h2 >
199193< p >
194+ < b > The code below accepts the query parameter < tt > id</ tt > as input.
195+ Please change it so < tt > id</ tt > is only accepted if it is
196+ an integer between 1 and 9999 (including those numbers).</ b >
197+ < p >
200198<!--
201199You can use this an example for new labs.
202200For multi-line inputs, instead of <input id="attempt0" type="text" ...>, use
0 commit comments