Created
September 14, 2015 06:26
heschong revised this gist
Sep 14, 2015 . No changes.There are no files selected for viewing
heschong created this gist
Sep 14, 2015 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,41 @@ /* * This is a simple pattern for a flexible publication mechanism, for feedback purposes */ // ... on client and server MyCollection = new Mongo.Collection('mycollection'); // ... on the server /* * This function allows us to check to see if a MongoDB query object is * relatively safe from NoSQL injection attempts * * Usage via a check function: * * check(arg, Match.Where(safeQuery)); */ safeQuery = function(value) { return !EJSON.stringify(value).match(/\"\$(where|inc|mul|rename|setOnInsert|set|unset|currentDate)\"/g); } // Publish a document set with the client's dynamic specifiers Meteor.publish('mycollection', function(where) { check(where, Match.Where(safeQuery)); return MyCollection.find(where); }); // ... On the client // Subscribe to all the documents matching { some: 'criteria' } Meteor.subscribe('mycollection', { some: 'criteria' }); var stuff = MyCollection.find({ someMore: 'criteria' });
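Review bot: `safeQuery` is a blocklist, and a blocklist of eight operator names cannot make a client-supplied query object safe — MongoDB has many more operators than the regex names, so `check(where, Match.Where(safeQuery))` in the publish handler still lets the client run arbitrary selectors against the whole collection, and a string value that merely contains `"$set"` is rejected as a false positive. The publication should instead allowlist the shape it actually serves, e.g. `check(where, { some: Match.Optional(String), someMore: Match.Optional(String) });`, and pass a `fields` projection to `MyCollection.find` so that only the intended fields leave the server. If the data is per-user, the handler also needs an ownership check on `this.userId` before returning the cursor, since nothing in the hunk restricts which documents a subscriber can see. The `g` flag on the regex is unnecessary for a boolean `match` test and can be dropped if the helper is kept as a secondary guard.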