adapter-commons/filter-query.ts:cleanQuery whitelist test #1540
Comments
|
It almost looks like we'd want to be able to whitelist a regular expression. |
|
Yes please - loop through array and test if item is string or regexp and test accordingly, |
|
So over the last little while we realised that all the query sanitisation is just a complicated and convoluted way of doing query schema validation which is exactly what we'd like to encourage in the future. So #2906 implemented a change that skips query sanitisation if you already validated your query against a schema which will be the recommended way going forward. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've added additional known operators to whitelist option for feathers-sequelize, but cleanQuery is also failing things like '"$primaryLocation.city$".
Is it reasonable that sequelize field expressions are blacklisted by default, or can you test for $ at start and end and allow, or have that as another option along whitelist,
or support regexp values in whitelist?
The text was updated successfully, but these errors were encountered: