I've added additional known operators to the whitelist option for feathers-sequelize, but cleanQuery is also failing things like '"$primaryLocation.city$".
Is it reasonable that Sequelize field expressions are blacklisted by default, or can you test for $ at start and end and allow, or have that as another option alongside whitelist, or support regexp values in whitelist?
So over the last little while we realised that all the query sanitisation is just a complicated and convoluted way of doing query schema validation, which is exactly what we'd like to encourage in the future. So #2906 implemented a change that skips query sanitisation if you already validated your query against a schema, which will be the recommended way going forward.
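The reply above treats query sanitisation as a form of query schema validation; the following is an added example, not code from Feathers or feathers-sequelize, of what a strict allowlist check over query keys and operators can look like in plain JavaScript. It lists the `$primaryLocation.city$` expression explicitly instead of accepting any key that starts and ends with `$`, because a blanket pattern would admit every column of every associated model. `validateQuery`, `validateFieldValue` and the field and operator lists are hypothetical names and constructed values.

```javascript
// Constructed allowlists for a hypothetical service (assumptions, not Feathers defaults).
const FIELDS = new Set(['name', 'age', '$primaryLocation.city$']);
const FILTERS = new Set(['$limit', '$skip', '$sort', '$select']);
const LOGICAL = new Set(['$or', '$and']);
const COMPARISONS = new Set(['$in', '$nin', '$lt', '$lte', '$gt', '$gte', '$ne']);

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Checks the value attached to an allowlisted field: a primitive, or an
// object whose keys are all allowlisted comparison operators.
function validateFieldValue(value, path) {
  if (!isPlainObject(value)) {
    return Array.isArray(value) ? [`${path}: arrays need an operator such as $in`] : [];
  }
  const errors = [];
  for (const [op, operand] of Object.entries(value)) {
    if (!COMPARISONS.has(op)) errors.push(`${path}.${op}: operator not in allowlist`);
    else if (isPlainObject(operand)) errors.push(`${path}.${op}: nested object operand`);
  }
  return errors;
}

// Returns a list of violations; an empty list means the query is acceptable.
function validateQuery(query, path = 'query') {
  if (!isPlainObject(query)) return [`${path}: expected an object`];
  const errors = [];
  for (const [key, value] of Object.entries(query)) {
    const here = `${path}.${key}`;
    if (LOGICAL.has(key)) {
      // $or / $and carry an array of sub-queries, each validated recursively.
      if (!Array.isArray(value)) errors.push(`${here}: expected an array`);
      else value.forEach((q, i) => errors.push(...validateQuery(q, `${here}[${i}]`)));
    } else if (FILTERS.has(key) && path === 'query') {
      continue; // paging and sorting filters are accepted at the top level only
    } else if (FIELDS.has(key)) {
      errors.push(...validateFieldValue(value, here));
    } else {
      errors.push(`${here}: key not in allowlist`);
    }
  }
  return errors;
}
```

Anything not named in the lists is rejected, so a new nested column or operator becomes queryable only after it is added deliberately.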