Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firestore - Sanitizing Text Area Input?

I see in the Writing conditions for Cloud Firestore Security Rules documentation that a (server side) custom function can be run against new writes. My question is: do I even need to worry about sanitizing textarea user input before writing/saving that to FireStore, or does Firestore automatically do this?

If I need to sanitize user input, what would a javascript function look like to do that? What characters should I disallow or remove from the string? Thanks in advance.

like image 763
Ronnie Royston Avatar asked Aug 05 '18 02:08

Ronnie Royston


Video Answer


1 Answers

Firestore does not automatically do any filtering of input. If you want to filter the input, you will have to do so in your own code and/or security rules.

The exact rules depend on your specific needs. The most common things I see are length restrictions, and things like email or phone number validations. More complex rules are definitely possible, but many developers at some point prefer using a Cloud Function to do the sanitization.

like image 64
Frank van Puffelen Avatar answered Sep 22 '22 02:09

Frank van Puffelen