Open benoitbzl opened 2 years ago
@benoitbzl Thanks for posting! We'll take a look as soon as possible.
In the mean time, there are a few ways you can help speed things along:
Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly.
For help with questions about Sails, click here.
Hi @benoitbzl, This restriction was added as a potential safeguard from confusion and prototype attacks.
Hello @eashaw. Thanks for the answer. Could there be a per model option that would disable this restriction? This may ease in some cases the use of sails 1.x with existing database collection.
@benoitbzl Thank you for the constructive feedback. Unfortunately, we can’t take on the maintenance of that at this time.
Hello @benoitbzl, I'm not sure if this is helpful or not, but can you use the columnName
option in the attribute definition to avoid having to change the existing database? You should be able to use class
as the internal column name while using something else that isn't a reserved keyword as the attribute name.
You'd still have to change anywhere that references that attribute in code, but it seems better than using the mongo driver directly.
Hello @cincodenada . Yes indeed it would have ease the transition, I just forgot about this possible option. This may help other users who will have to deal with such a case. Thanks.
Thank you @cincodenada!
With sails version 0.12, it was possible to create records (mongo adapter) with waterline that contained javascript reserved keywords like 'class'. This is not the case anymore with sails 1.x (at least 1.4+). It reports the error:
{ UsageError: Invalid new record. Details: Could not use specified
class
. This is not a valid name for an attribute. .... }See code at https://github.com/balderdashy/waterline/blob/98e4b7cf2f16611c56a2542ddb2b92a56928ad94/lib/waterline/utils/query/private/is-valid-attribute-name.js#L12
This is an issue for upgrading our existing application to sails 1.5. What are the reasons to forbid javascript reserved keywords for database attributes? As a workaround, I will have to use directly the mongo driver to create the record.
Node version: 10.x Sails version (sails): 1.5 ORM hook version (sails-hook-orm): Sockets hook version (sails-hook-sockets): Organics hook version (sails-hook-organics): Grunt hook version (sails-hook-grunt): Uploads hook version (sails-hook-uploads): DB adapter & version (e.g. sails-mysql@5.55.5): Skipper adapter & version (e.g. skipper-s3@5.55.5):