Open danfinlay opened 9 years ago
There is SQL escaping, but it's pretty minimal: https://github.com/geddy/model/blob/master/lib/datatypes.js#L62 That could use a lot of improvement, but could you at least add the null character there?
@flyswatter, I've invited you to the org, so you can just make the change and push it. If you need it in a release, make the change in the release branch, and merge back to master. I can push a version to NPM whenever you'd like.
Oh wow, honored. Taking my shot at this!
I have had some trouble running the model tests. I'm getting:
ReferenceError: publishTask is not defined
at Object.<anonymous> (/Users/danielfinlay/Documents/Development/model/Jakefile:24:1)
at Module._compile (module.js:456:26)
(See full trace by running task with --trace)
This is right in the Jakefile, so am I missing something? I've npm i'd, I figure you're the guy to ask Jake questions.
You're probably running an older (global) version of Jake. You can try updating your global Jake, or running it with the one installed locally (./node_modules/jake/bin/cli.js).
I still mean to get to this, but in the meanwhile, including another note:
Backslash characters are also not being escaped for postgres correctly.
There's a character I'm getting as user input (have captured as a test), and it seems illegal to assign as a value in a text field with the Postgres adapter.
In VIM it appears as ^@, when I call toString() on the object, it displays as \\u0000\\n. This seems to be the null character.
I thought the adapter was escaping text in a way that this wouldn't happen. If this can crash Model's connection to PG, how should I be sanitizing my input differently to prevent this or other characters in the future from doing this?
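One way to handle the two problems raised in this thread, the null character and backslashes, shown as an added example that is not the geddy/model code. PostgreSQL `text` values cannot store U+0000 however they are quoted, so it is rejected or stripped before the value reaches the adapter. `cleanText`, `cleanRecord` and `quoteLiteral` are hypothetical helpers, and the sample record is constructed.

```javascript
'use strict';

// PostgreSQL text/varchar values cannot contain U+0000, however they are quoted.
const NUL = /\u0000/g;

// Hypothetical helper: reject (default) or strip NUL in one string value.
function cleanText(value, { onNul = 'reject' } = {}) {
  if (typeof value !== 'string' || !value.includes('\u0000')) return value;
  if (onNul === 'strip') return value.replace(NUL, '');
  throw new TypeError('string contains U+0000, which PostgreSQL text cannot store');
}

// Hypothetical helper: clean every string property of a flat record before saving.
function cleanRecord(record, opts) {
  const out = {};
  for (const [key, value] of Object.entries(record)) out[key] = cleanText(value, opts);
  return out;
}

// Hypothetical helper: quote a string as a PostgreSQL literal for the cases where a
// bound parameter cannot be used. Backslashes are doubled and the E'' form is used,
// so the result does not depend on the standard_conforming_strings setting.
function quoteLiteral(value) {
  const s = cleanText(String(value));
  const body = s.replace(/\\/g, '\\\\').replace(/'/g, "''");
  return (s.includes('\\') ? 'E' : '') + "'" + body + "'";
}

// Constructed sample: a quote and a backslash in one field, NUL + newline in another.
const sample = { title: "O'Brien \\ notes", body: 'hello\u0000\n' };

console.log(quoteLiteral(sample.title));
console.log(JSON.stringify(cleanRecord(sample, { onNul: 'strip' })));
try {
  cleanRecord(sample); // default policy: refuse the record instead of altering it
} catch (err) {
  console.log('rejected:', err.message);
}
```

Rejecting is the safer default when the field is security-relevant (names, identifiers), since silently stripping changes what the user submitted.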