fix(core): Improve validator error messages for name and label fields (#31391)

2026-06-04 18:49:20 +02:00 · 2026-06-03 08:41:25 +02:00 · 2026-06-03 08:41:25 +02:00 · 24f27ed559
commit 24f27ed559
parent 0a3d04faa2
6 changed files with 14 additions and 8 deletions
--- a/packages/@n8n/api-types/src/dto/api-keys/update-api-key-request.dto.ts
+++ b/packages/@n8n/api-types/src/dto/api-keys/update-api-key-request.dto.ts
@ -11,6 +11,8 @@ const xssCheck = (value: string) =>
 	});

 export class UpdateApiKeyRequestDto extends Z.class({
-	label: z.string().max(50).min(1).refine(xssCheck),
+	label: z.string().max(50).min(1).refine(xssCheck, {
+		message: 'Label can only contain letters, numbers, spaces and punctuation',
+	}),
 	scopes: scopesSchema,
 }) {}
--- a/packages/@n8n/api-types/src/dto/user/user-update-request.dto.ts
+++ b/packages/@n8n/api-types/src/dto/user/user-update-request.dto.ts
@ -18,10 +18,10 @@ const nameSchema = () =>
 		.min(1)
 		.max(32)
 		.refine(xssCheck, {
-			message: 'Potentially malicious string',
+			message: 'Name can only contain letters, numbers, spaces and punctuation',
 		})
 		.refine(urlCheck, {
-			message: 'Potentially malicious string',
+			message: 'Name cannot contain a URL',
 		});

 export class UserUpdateRequestDto extends Z.class({
--- a/packages/@n8n/db/src/utils/validators/tests/no-url.validator.test.ts
+++ b/packages/@n8n/db/src/utils/validators/tests/no-url.validator.test.ts
@ -20,7 +20,7 @@ describe('NoUrl', () => {
 				expect(errors).toHaveLength(1);
 				const [error] = errors;
 				expect(error.property).toEqual('name');
-				expect(error.constraints).toEqual({ NoUrl: 'Potentially malicious string' });
+				expect(error.constraints).toEqual({ NoUrl: 'URLs are not allowed' });
 			});
 		}
 	});
--- a/packages/@n8n/db/src/utils/validators/tests/no-xss.validator.test.ts
+++ b/packages/@n8n/db/src/utils/validators/tests/no-xss.validator.test.ts
@ -30,7 +30,9 @@ describe('NoXss', () => {
 				expect(errors).toHaveLength(1);
 				const [error] = errors;
 				expect(error.property).toEqual('name');
-				expect(error.constraints).toEqual({ NoXss: 'Potentially malicious string' });
+				expect(error.constraints).toEqual({
+					NoXss: 'Only letters, numbers, spaces and punctuation are allowed',
+				});
 			});
 		}
 	});
@ -111,7 +113,9 @@ describe('NoXss', () => {
 				expect(errors).toHaveLength(1);
 				const [error] = errors;
 				expect(error.property).toEqual('categories');
-				expect(error.constraints).toEqual({ NoXss: 'Potentially malicious string' });
+				expect(error.constraints).toEqual({
+					NoXss: 'Only letters, numbers, spaces and punctuation are allowed',
+				});
 			});
 		}
 	});
--- a/packages/@n8n/db/src/utils/validators/no-url.validator.ts
+++ b/packages/@n8n/db/src/utils/validators/no-url.validator.ts
@ -10,7 +10,7 @@ class NoUrlConstraint implements ValidatorConstraintInterface {
 	}

 	defaultMessage() {
-		return 'Potentially malicious string';
+		return 'URLs are not allowed';
 	}
 }

--- a/packages/@n8n/db/src/utils/validators/no-xss.validator.ts
+++ b/packages/@n8n/db/src/utils/validators/no-xss.validator.ts
@ -16,7 +16,7 @@ class NoXssConstraint implements ValidatorConstraintInterface {
 	}

 	defaultMessage() {
-		return 'Potentially malicious string';
+		return 'Only letters, numbers, spaces and punctuation are allowed';
 	}
 }