vulcan-sql
Parameterize the output of custom tags
What’s the problem you're trying to solve
We've parameterized all the input data, but if the queries were generated by custom tags (Tag Extensions), we are not able to handle them.
Extension
createTagExtension('test', async ({ args, sql }) =>
`${args['arg']} ${sql}`
);
Template
{% test arg=context.params.id %}
{{ context.params.id }}
{% endtest %}
Result (with id = 'some injection')
some injection $1
Describe the solution you’d like
TBD
Additional context
We'd parameterize the output of filters, so custom filters are not affected.
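The gap described in this issue, modeled as an added example (not VulcanSQL's code and not part of the original issue). `Parameterizer`, `unsafeTag`, `safeTag`, `render` and `leakedValues` are hypothetical stand-ins for the template engine; the sample input is the one from the issue.

```javascript
// Added illustration; every name here is a hypothetical stand-in,
// not a VulcanSQL API.
class Parameterizer {
  constructor() { this.values = []; }
  // Bind a value and return its positional placeholder ($1, $2, ...).
  bind(value) {
    this.values.push(value);
    return `$${this.values.length}`;
  }
}

// Models the behaviour in the issue: {{ ... }} output inside the tag body is
// bound, but the tag's own return value is spliced in as raw SQL text.
function unsafeTag({ args, body }, p) {
  const sql = body(p);            // "{{ context.params.id }}" becomes "$1"
  return `${args.arg} ${sql}`;    // args.arg reaches the query text unbound
}

// Hardened variant: the tag binds every value it emits through the same
// parameterizer, so only placeholders appear in the SQL text.
function safeTag({ args, body }, p) {
  const sql = body(p);
  return `${p.bind(args.arg)} ${sql}`;
}

// Render the issue's template ({% test arg=id %}{{ id }}{% endtest %})
// with the given tag implementation.
function render(tag, params) {
  const p = new Parameterizer();
  const body = (q) => q.bind(params.id);
  const text = tag({ args: { arg: params.id }, body }, p);
  return { text, values: p.values };
}

// Regression check: a bound value that also appears literally in the SQL text
// escaped parameterization. Use a long, unique canary value so that it cannot
// collide with a placeholder or keyword.
function leakedValues({ text, values }) {
  return values.filter((v) => text.includes(String(v)));
}

const input = { id: 'some injection' };  // constructed sample from the issue
console.log(render(unsafeTag, input));
console.log(render(safeTag, input));
```

Running `leakedValues` over rendered output with a canary parameter gives a test that fails whenever a tag extension writes an argument into the query text instead of binding it.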