I see in the Writing conditions for Cloud Firestore Security Rules documentation that a (server side) custom function can be run against new writes. My question is: do I even need to worry about sanitizing textarea user input before writing/saving that to Firestore, or does Firestore automatically do this?
If I need to sanitize user input, what would a JavaScript function look like to do that? What characters should I disallow or remove from the string? Thanks in advance.
Firestore does not automatically do any filtering of input. If you want to filter the input, you will have to do so in your own code and/or security rules.
The exact rules depend on your specific needs. The most common things I see are length restrictions, and things like email or phone number validations. More complex rules are definitely possible, but many developers at some point prefer using a Cloud Function to do the sanitization.
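The kind of check the answer describes (length restrictions, email shape), as an added example that is not part of the original answer. The field names `message` and `email` and the limits are assumptions chosen for illustration.

```javascript
// Added example: field names and limits below are assumptions.
const LIMITS = { message: 2000, email: 254 };

// C0/C1 control characters, keeping tab (\u0009) and newline (\u000A).
const CONTROL_CHARS = /[\u0000-\u0008\u000B-\u001F\u007F-\u009F]/g;
// Deliberately loose shape check; it does not prove the address exists.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Returns a cleaned string, or null when the value is not a string at all.
function cleanText(raw) {
  if (typeof raw !== 'string') return null;
  return raw
    .normalize('NFC')          // one canonical Unicode form
    .replace(/\r\n?/g, '\n')   // textarea line endings -> \n
    .replace(CONTROL_CHARS, '')
    .trim();
}

// Validates a form submission and returns only the fields we intend to store.
function validateSubmission(input) {
  const errors = [];
  const message = cleanText(input && input.message);
  const email = cleanText(input && input.email);

  if (message === null || message.length === 0) {
    errors.push('message: required string');
  } else if ([...message].length > LIMITS.message) { // count code points
    errors.push('message: too long');
  }

  if (email === null || !EMAIL_SHAPE.test(email)) {
    errors.push('email: invalid');
  } else if (email.length > LIMITS.email) {
    errors.push('email: too long');
  }

  if (errors.length > 0) return { ok: false, errors };
  // Build the document from known fields so extra client keys are dropped.
  return { ok: true, data: { message, email } };
}
```

A check like this running in the browser can be bypassed by anyone writing to the database directly, so the same limits need to be enforced in security rules or in a Cloud Function.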