@nozbe/watermelondb
Build powerful React Native and React web apps that scale from hundreds to tens of thousands of records and remain fast
// @flow
import invariant from '../../common/invariant'
import type { TableName, ColumnName } from '../../../Schema'
// Asserts that `name` (table or column name) should be safe for inclusion in SQL queries
// and Loki queries (JS objects)
//
// IMPORTANT: This should NEVER be used as the only line of defense! These checks may be incomplete.
// Any table or column name passed anywhere near the database should be hardcoded or whitelisted.
// This is a "defense in depth" type of check - it catches common mistakes in case a library user
// is not following safe coding practices or the primary defense fails.
//
// This will throw an error on:
// - JavaScript Object prototype properties
// - Magic Loki and SQLite column names
// - names starting with __
// - names that are not essentially alphanumeric
//
// Note that for SQL, you always MUST wrap table/column names with `'name'`, otherwise query may fail
// for some keywords
//
// Note that this doesn't throw for Watermelon builtins (id, _changed, _status...)
// const safeNameCharacters = /^[a-zA-Z_]\w*$/
// const knownSafeNames: Set<string> = new Set()
/**
 * Type declaration for the name check applied to table and column names before they are
 * placed in SQL queries or Loki queries (JS objects). Only the signature is visible in this
 * listing; the implementation lives elsewhere.
 *
 * Per the file header, the check throws on JavaScript Object prototype properties, magic
 * Loki and SQLite column names, names starting with `__`, and names that are not essentially
 * alphanumeric. It is a defense-in-depth check and must not be the only protection: callers
 * should still pass only hardcoded or allow-listed names.
 *
 * @param name - table or column name to validate
 * @returns a value of the same type `T` as `name` (presumably `name` itself, so the call can
 *   be used inline; confirm against the implementation)
 * @throws when `name` fails the check (the error type is not visible in this declaration)
 *
 * NOTE(review): the file header tells SQL callers to wrap names as `'name'`. Standard SQL
 * quotes identifiers with double quotes and treats single quotes as string literals, so
 * confirm which quoting the SQL encoder actually emits before relying on that wording.
 */
export default function checkName<T = string | TableName<any> | ColumnName>(name: T): T