You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Had given me the impression that there was preventative measures already in place to prevent injection. Thankfully I reviewed the code before deploying, and saw that the only thing sanitized is the search string. Some people, even without reading the above comment, might not think to check for injection because they're used to working with ORMs, and might make assumptions about node-datatable having similar features.
Might be overkill, but might also not hurt to have a disclaimer in the API section saying
When using user-provided values as data for any part of the query, be sure to sanitize it first
The text was updated successfully, but these errors were encountered:
Your comment in the README:
Had given me the impression that there was preventative measures already in place to prevent injection. Thankfully I reviewed the code before deploying, and saw that the only thing sanitized is the search string. Some people, even without reading the above comment, might not think to check for injection because they're used to working with ORMs, and might make assumptions about node-datatable having similar features.
Might be overkill, but might also not hurt to have a disclaimer in the API section saying
The text was updated successfully, but these errors were encountered: