Rules Hub
Coding Rules Library
← Back to all rules
Rule priority, scope & exceptions
Use this to align rules with the senior-level structure (P0/P1/P2, scope, exceptions/tradeoffs).
backend ruleP0universalStack: node
securityinjectionvalidationsearch
Sanitize and bound user input before building search queries
Trim, length-cap, and early-return on empty user-supplied search terms before injecting them into a search-engine query, even for non-SQL backends.
PR: hegnar-ws · org-mining-2026-06Created: Jun 17, 2026
Bad example
Old codetypescript
| 1 | searchByName(query: string) { |
| 2 | return this.addClause({ prefix: { 'tags.name': query } }); |
| 3 | } |
Explanation (EN)
Objašnjenje (HR)
Good example
New codetypescript
| 1 | searchByName(query: string) { |
| 2 | const term = query.trim().substring(0, 100); |
| 3 | if (!term) return this; |
| 4 | return this.addClause({ prefix: { 'tags.name': term } }); |
| 5 | } |
Explanation (EN)
Objašnjenje (HR)