FlowiseAI · christopherholland-workday · Feb 25, 2026 · Feb 25, 2026
diff --git a/packages/components/evaluation/EvaluationRunner.ts b/packages/components/evaluation/EvaluationRunner.ts
@@ -88,17 +88,6 @@ export class EvaluationRunner {
 
     public async runEvaluations(data: ICommonObject) {
         const chatflowIds = JSON.parse(data.chatflowId)
-
-        // Validate chatflowIds is an actual array to prevent DoS attacks
-        if (!Array.isArray(chatflowIds)) {
-            throw new Error('chatflowId must be a valid array')
-        }
-
-        // Validate dataset.rows is an actual array to prevent DoS attacks
-        if (!data.dataset || !Array.isArray(data.dataset.rows)) {
-            throw new Error('dataset.rows must be a valid array')
-        }
-
         const returnData: ICommonObject = {}
         returnData.evaluationId = data.evaluationId
         returnData.runDate = new Date()

diff --git a/packages/server/src/services/evaluations/EvaluatorRunner.ts b/packages/server/src/services/evaluations/EvaluatorRunner.ts
@@ -17,11 +17,6 @@ export const runAdditionalEvaluators = async (
     selectedEvaluators: string[],
     workspaceId: string
 ) => {
-    // Validate inputs are arrays and enforce size limits
-    if (!Array.isArray(actualOutputArray) || !Array.isArray(selectedEvaluators)) {
-        throw new Error('Invalid input: expected arrays')
-    }
-
     const evaluationResults: any[] = []
     const evaluatorDict: any = {}
 
@@ -108,7 +103,6 @@ export const runAdditionalEvaluators = async (
                         case 'ContainsAny':
                             passed = false
                             splitValues = value.split(',').map((v) => v.trim().toLowerCase()) // Split, trim, and convert to lowercase
-
                             for (let i = 0; i < splitValues.length; i++) {
                                 if (actualOutput.includes(splitValues[i])) {
                                     passed = true
@@ -123,7 +117,6 @@ export const runAdditionalEvaluators = async (
                         case 'ContainsAll':
                             passed = true
                             splitValues = value.split(',').map((v) => v.trim().toLowerCase()) // Split, trim, and convert to lowercase
-
                             for (let i = 0; i < splitValues.length; i++) {
                                 if (!actualOutput.includes(splitValues[i])) {
                                     passed = false
@@ -138,7 +131,6 @@ export const runAdditionalEvaluators = async (
                         case 'DoesNotContainAny':
                             passed = true
                             splitValues = value.split(',').map((v) => v.trim().toLowerCase()) // Split, trim, and convert to lowercase
-
                             for (let i = 0; i < splitValues.length; i++) {
                                 if (actualOutput.includes(splitValues[i])) {
                                     passed = false
@@ -153,7 +145,6 @@ export const runAdditionalEvaluators = async (
                         case 'DoesNotContainAll':
                             passed = true
                             splitValues = value.split(',').map((v) => v.trim().toLowerCase()) // Split, trim, and convert to lowercase
-
                             for (let i = 0; i < splitValues.length; i++) {
                                 if (actualOutput.includes(splitValues[i])) {
                                     passed = false

diff --git a/packages/server/src/services/evaluations/index.ts b/packages/server/src/services/evaluations/index.ts
@@ -72,30 +72,14 @@ const createEvaluation = async (body: ICommonObject, baseURL: string, orgId: str
         const row = appServer.AppDataSource.getRepository(Evaluation).create(newEval)
         row.average_metrics = JSON.stringify({})
 
-        // Parse and validate evaluator arrays to prevent DoS attacks
-        const chatflowTypes = body.chatflowType ? JSON.parse(body.chatflowType) : []
-        if (!Array.isArray(chatflowTypes)) {
-            throw new Error('chatflowType must be a valid array')
-        }
-
-        const simpleEvaluators = body.selectedSimpleEvaluators.length > 0 ? JSON.parse(body.selectedSimpleEvaluators) : []
-        if (!Array.isArray(simpleEvaluators)) {
-            throw new Error('selectedSimpleEvaluators must be a valid array')
-        }
-
         const additionalConfig: ICommonObject = {
-            chatflowTypes: chatflowTypes,
+            chatflowTypes: body.chatflowType ? JSON.parse(body.chatflowType) : [],
             datasetAsOneConversation: body.datasetAsOneConversation,
-            simpleEvaluators: simpleEvaluators
+            simpleEvaluators: body.selectedSimpleEvaluators.length > 0 ? JSON.parse(body.selectedSimpleEvaluators) : []
         }
 
         if (body.evaluationType === 'llm') {
-            const lLMEvaluators = body.selectedLLMEvaluators.length > 0 ? JSON.parse(body.selectedLLMEvaluators) : []
-            if (!Array.isArray(lLMEvaluators)) {
-                throw new Error('selectedLLMEvaluators must be a valid array')
-            }
-
-            additionalConfig.lLMEvaluators = lLMEvaluators
+            additionalConfig.lLMEvaluators = body.selectedLLMEvaluators.length > 0 ? JSON.parse(body.selectedLLMEvaluators) : []
             additionalConfig.llmConfig = {
                 credentialId: body.credentialId,
                 llm: body.llm,
@@ -139,12 +123,6 @@ const createEvaluation = async (body: ICommonObject, baseURL: string, orgId: str
         // When chatflow has an APIKey
         const apiKeys: { chatflowId: string; apiKey: string }[] = []
         const chatflowIds = JSON.parse(body.chatflowId)
-
-        // Validate chatflowIds is an actual array to prevent DoS attacks
-        if (!Array.isArray(chatflowIds)) {
-            throw new Error('chatflowId must be a valid array')
-        }
-
         for (let i = 0; i < chatflowIds.length; i++) {
             const chatflowId = chatflowIds[i]
             const cFlow = await appServer.AppDataSource.getRepository(ChatFlow).findOneBy({
@@ -268,7 +246,7 @@ const createEvaluation = async (body: ICommonObject, baseURL: string, orgId: str
                             metricsArray,
                             actualOutputArray,
                             errorArray,
-                            additionalConfig.simpleEvaluators,
+                            body.selectedSimpleEvaluators.length > 0 ? JSON.parse(body.selectedSimpleEvaluators) : [],
                             workspaceId
                         )
 
@@ -279,7 +257,7 @@ const createEvaluation = async (body: ICommonObject, baseURL: string, orgId: str
 
                         if (body.evaluationType === 'llm') {
                             resultRow.llmConfig = additionalConfig.llmConfig
-                            resultRow.LLMEvaluators = additionalConfig.lLMEvaluators
+                            resultRow.LLMEvaluators = body.selectedLLMEvaluators.length > 0 ? JSON.parse(body.selectedLLMEvaluators) : []
                             const llmEvaluatorMap: { evaluatorId: string; evaluator: any }[] = []
                             for (let i = 0; i < resultRow.LLMEvaluators.length; i++) {
                                 const evaluatorId = resultRow.LLMEvaluators[i]