CodethinkLabs / software-dependency-visualizer

Prototype software dependency visualizer tool
Apache License 2.0

pedro/package-route-demo #53

Closed palvarez89 closed 1 year ago

palvarez89 commented 8 years ago

It might be a bit buggy: sometimes it will not show links from left column to middle column, left and right column will show over text, and maybe more... but it would be great to merge sooner rather than later, I had to rebase it several times already :)

jmacarthur commented 8 years ago

Otherwise, looks good, happy to merge this if the injection problem can be addressed

palvarez89 commented 8 years ago

Thanks for the reviews. I really didn't think about these security problems. I guess that sanitising the values to be used in the query so that no-one can do cypher injection would be enough?

jmacarthur commented 8 years ago

Yes. start_node and end_node are integers (I think) so just converting them with a string-to-integer conversion should be fine. node_type is a bit more complicated: you could check they're just strings of [A-Za-z] with no spaces or anything, or check against a list of known types.
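The validation described in that last comment, written out as an added Python example (not code from this PR or from the software-dependency-visualizer project). The set of known node types, the query shape and the Neo4j `$name` parameter syntax are assumptions; the point is that node ids are coerced to integers and sent as query parameters, while the label, which Cypher cannot parameterise, is interpolated only after it passes a `[A-Za-z]` check and an allowlist lookup.

```python
import re

# Allowlist of node labels the visualizer knows about (constructed for this
# example; the project's real label set is not shown on the PR page).
KNOWN_NODE_TYPES = frozenset({"Package", "Module", "File"})
LABEL_RE = re.compile(r"^[A-Za-z]+$")


def clean_node_id(value):
    """Coerce a node id to int; anything that is not a whole number raises."""
    if isinstance(value, bool):
        raise ValueError("node id must be an integer")
    return int(value)  # int("1 OR true") raises ValueError


def clean_node_type(value):
    """Accept a label only if it is plain letters AND a known type."""
    if not isinstance(value, str) or not LABEL_RE.match(value):
        raise ValueError("invalid node type %r" % (value,))
    if value not in KNOWN_NODE_TYPES:
        raise ValueError("unknown node type %r" % (value,))
    return value


def build_route_query(start_node, end_node, node_type):
    """Return (cypher, params) for a route lookup between two nodes.

    Ids travel as query parameters, so the driver never splices them into
    the statement text.  The label is interpolated, but only after
    clean_node_type() has rejected anything outside the allowlist.
    """
    label = clean_node_type(node_type)
    params = {"start": clean_node_id(start_node), "end": clean_node_id(end_node)}
    cypher = (
        "MATCH p = shortestPath((a:%s)-[*]->(b:%s)) "
        "WHERE id(a) = $start AND id(b) = $end RETURN p" % (label, label)
    )
    return cypher, params


def is_rejected(start_node, end_node, node_type):
    """True if build_route_query() refuses the inputs (used for checks)."""
    try:
        build_route_query(start_node, end_node, node_type)
    except ValueError:
        return True
    return False
```

A real driver call would then be `session.run(cypher, params)`; the query text itself never contains user-supplied ids.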