How to restrict user to save string that is above some limit?
I am getting Invalid property access: target is not an object if try to validate in security rules with length property of a string.
The Firebase Security Rules now support a length
property for strings, as well as several other string methods including replace()
, contains()
, toUpperCase()
, toLowerCase()
, etc.
See https://firebase.google.com/docs/reference/security/database/#string_properties for more information.
The syntax you can use in rules are detailed here.
Unfortunately, being able to perform string operations (match, length, etc) are not available at this time. SEE ROB'S ANSWER BELOW, THIS FEATURE IS NOW AVAILABLE
I know this is at least on the Firebase radar because I requested a similar feature some time ago.
If you explain the exact details of what you want to solve, it will allow for a much more specific answer; for now I'll give you some general ideas.
Use a privileged app
Monitor Firebase with a privileged application and whenever a value is written to the specific fields you need string validation on, check it manually and delete it if invalid.
Naturally, client validation will take care of all valid use cases. So this is only needed to prevent malicious insertions.
Alternately, you can approach this more as an audit. Just email any invalid strings to some address to be reviewed. Since the client is going to make sure the string is valid before insertion, you are once again just looking at bugs or malicious behaviors.
Delegate writing to an API
Instead of letting the client write privileged data, send it to an API and have the API write that data--making it read only to the client.
Don't worry about it
Do you really need to validate the length? Is it sufficient to simply look and see if it's a string? Is it really a concern that someone would "hack" the contents of a string? Probably not. It could be, but probably not.
And if it is a concern, can it be solved by another avenue? If there is a server involved, just use the process outlined above.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With