问题
I see in the Writing conditions for Cloud Firestore Security Rules documentation that a (server side) custom function can be run against new writes. My question is: do I even need to worry about sanitizing textarea user input before writing/saving that to FireStore, or does Firestore automatically do this?
If I need to sanitize user input, what would a javascript function look like to do that? What characters should I disallow or remove from the string? Thanks in advance.
回答1:
Firestore does not automatically do any filtering of input. If you want to filter the input, you will have to do so in your own code and/or security rules.
The exact rules depend on your specific needs. The most common things I see are length restrictions, and things like email or phone number validations. More complex rules are definitely possible, but many developers at some point prefer using a Cloud Function to do the sanitization.
来源:https://stackoverflow.com/questions/51690918/firestore-sanitizing-text-area-input