A modern programming language that makes developers happier.

kotlinlang

Is there a way to add automatic validation to all parameters?
Like there is no place where I would welcome to receive an input like `&lt;script&gt;alert('got you, LOL')&lt;/script&gt;`

That sounds like a job for instrumentation.
<https://www.graphql-java.com/documentation/instrumentation#field-validation-instrumentation>

you could also use `javax.validation` to annotate your arguments and input objects -&gt; example from spring <https://github.com/ExpediaGroup/graphql-kotlin/blob/master/examples/server/spring-server/src/main/kotlin/com/expediagroup/graphql/examples/server/spring/query/ValidatedQuery.kt|https://github.com/ExpediaGroup/graphql-kotlin/blob/master/examples/server/spring-[…]diagroup/graphql/examples/server/spring/query/ValidatedQuery.kt>

I'm currently using javax.validation but I don't want to add it to all the fields

I will have a look at field validation instrumentation thanks!

con of using `javax.validation` and instrumentations is that it hides this info from the user

you could also use directives to convey some of that validation info to the users and/or custom scalars

that being said -&gt; introspection (as opposed to SDL) doesn't show the directives :disappointed: so tools like graphiql/playground won't show it

there is an ongoing discussion on how to tackle this in the spec...

I think it’s important to mention that if you decide that a field is of type `String` and you never want strings containing a certain regex, then that is up to you as the developer to communicate that to the user. I don’t see GraphQL being opinionated about that.

I think custom scalar would be better in that case as you can provide `@specifiedBy` information on it