Is there any guideline on sanitizing the query term for RediSearch, e.g. certain characters such as * at the end of a term or @ - at start of term have special purposes in the query syntax and would be good to strip some/all of them out for queries where the special purpose doesn't apply. Also, I'm wondering if there are any security implications of passing in arbitrary query strings.
2

mahemoff
1 Answer
4
Re security - no, redis itself makes sure that injection is impossible. You might want to check the limits on string lengths etc. At worst (barring bugs) a badly formed query will cause a syntax error to be returned.
Re syntax - yes, make sure the reserved symbols like @!{}()|-=> are either escaped or stripped.

Not_a_Golfer
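The escape-or-strip step the answer describes, as an added example that is not part of the original question or answer. The `RESERVED` set takes the answer's symbols plus `*` from the question and the backslash itself; the function names and `MAX_TERM_LEN` are assumptions made for illustration.

```python
import re

# Reserved symbols named on this page: the answer's list plus "*" from the
# question. The backslash is added so the escape character itself is covered.
# Assumption: the answer says "like", so this set is not exhaustive.
RESERVED = "@!{}()|-=>*\\"
MAX_TERM_LEN = 128  # hypothetical application limit, not a RediSearch constant

_RESERVED_RE = re.compile("[" + re.escape(RESERVED) + "]")


def _check_length(term, max_len):
    if len(term) > max_len:
        raise ValueError("search term longer than %d characters" % max_len)


def escape_term(term, max_len=MAX_TERM_LEN):
    """Backslash-escape reserved symbols so they are treated as literals."""
    _check_length(term, max_len)
    return _RESERVED_RE.sub(lambda m: "\\" + m.group(0), term)


def strip_term(term, max_len=MAX_TERM_LEN):
    """Replace reserved symbols with spaces and collapse whitespace."""
    _check_length(term, max_len)
    return " ".join(_RESERVED_RE.sub(" ", term).split())


def build_query(user_input, strip=False):
    """Turn free-text user input into a query string with no live operators."""
    clean = strip_term if strip else escape_term
    words = [clean(w) for w in user_input.split()]
    words = [w for w in words if w]  # drop words that were only symbols
    if not words:
        raise ValueError("nothing left to search for")
    return " ".join(words)
```

Escaping keeps the user's characters searchable as literals, while stripping discards them; an input made up only of reserved symbols is rejected before it reaches the server instead of producing a syntax error there.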