Firestore-清理文本区域输入? [英] Firestore - Sanitizing Text Area Input?

问题描述

我在 Cloud Firestore安全规则的书写条件中看到关于可以针对新写入运行(服务器端)定制功能的文档.我的问题是:在将textarea用户输入写入/保存到FireStore之前，我是否还需要担心清理用户输入?还是Firestore自动执行此操作?

I see in the Writing conditions for Cloud Firestore Security Rules documentation that a (server side) custom function can be run against new writes. My question is: do I even need to worry about sanitizing textarea user input before writing/saving that to FireStore, or does Firestore automatically do this?

如果我需要清理用户输入内容，那么javascript函数将如何执行此操作?我应该禁止或删除字符串中的哪些字符?预先感谢.

If I need to sanitize user input, what would a javascript function look like to do that? What characters should I disallow or remove from the string? Thanks in advance.

推荐答案

Firestore不会自动对输入进行任何过滤.如果要过滤输入，则必须在自己的代码和/或安全规则中进行过滤.

Firestore does not automatically do any filtering of input. If you want to filter the input, you will have to do so in your own code and/or security rules.

确切的规则取决于您的特定需求.我看到的最常见的东西是长度限制，以及电子邮件或电话号码验证之类的东西.当然，更复杂的规则是可能的，但是许多开发人员有时更喜欢使用Cloud Function进行清理.

The exact rules depend on your specific needs. The most common things I see are length restrictions, and things like email or phone number validations. More complex rules are definitely possible, but many developers at some point prefer using a Cloud Function to do the sanitization.

这篇关于Firestore-清理文本区域输入?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！