ag-grid-mongo-query-builder - npm Package Compare versions

Comparing version 0.3.6 to 0.3.7

package.json

 {
   "name": "ag-grid-mongo-query-builder",
-  "version": "0.3.6",
+  "version": "0.3.7",
   "description": "Utility to generate Mongo DB aggregation pipeline queries starting from AgGrid server side params",
@@ -5,0 +5,0 @@ "main": "index.js",

queryBuilder.js

@@ -184,3 +184,3 @@ //const mongoose = require('mongoose');
             } else {
-                finalQuery.push( { [column.field]: { "$regex": searchVal, "$options": "i" } });
+                finalQuery.push( { [column.field]: { "$regex": escapeSpecialChars(searchVal), "$options": "i" } });
             }
@@ -221,3 +221,3 @@ } else if(column.filter && column.filter == "agSetColumnFilter") {
     searchValArr.map(Val => {
-        if(type === 'text') conditions.push({[column]: { "$regex": Val, "$options": "i" }});
+        if(type === 'text') conditions.push({[column]: { "$regex": escapeSpecialChars(Val), "$options": "i" }});
         if(type === 'number') conditions.push({[column]: { "$eq": parseInt(Val) }});
@@ -266,3 +266,3 @@ if(type === 'set') conditions.push({[column]: { "$eq": Val}});
                 } else {
-                    finalQuery.push( { [column.field]: { "$regex": flagVal, "$options": "i" } });
+                    finalQuery.push( { [column.field]: { "$regex": escapeSpecialChars(flagVal), "$options": "i" } });
                 }
@@ -389,8 +389,8 @@ } else if(column.filter && column.filter == "agSetColumnFilter") {
     switch (obj.type) {
-        case "contains": return { [key]: { "$regex": obj.filter, "$options": "i" } };
+        case "contains": return { [key]: { "$regex": escapeSpecialChars(obj.filter), "$options": "i" } };
         case "equals": return { [key]: obj.filter };
         case "notEqual": return { [key]: { "$ne": obj.filter } };
-        case "notContains": return { [key]: { "$not": { "$regex": obj.filter, "$options": "i" } } };
-        case "startsWith": return { [key]: { "$regex": "^" + obj.filter, '$options': 'i' } };
-        case "endsWith": return { [key]: { "$regex": obj.filter + "$", '$options': 'i' } };
+        case "notContains": return { [key]: { "$not": { "$regex": escapeSpecialChars(obj.filter), "$options": "i" } } };
+        case "startsWith": return { [key]: { "$regex": "^" + escapeSpecialChars(obj.filter), '$options': 'i' } };
+        case "endsWith": return { [key]: { "$regex": escapeSpecialChars(obj.filter) + "$", '$options': 'i' } };
         case "blank": return { $expr: {$or: [{$and: [{ $eq: [`$${key}Type`, "array"] },
@@ -1051,2 +1051,18 @@ { $or: [{ $eq: [{ $size: "$"+key }, 0] },
   
+function escapeSpecialChars(stringValue) {
+    if(stringValue && stringValue!='' && checkSpecialChars(stringValue)) {
+        return stringValue.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    } else return stringValue;
+}
+
+function checkSpecialChars(stringValue) {
+    const specialChars = `\`!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?~`;
+    return specialChars.split('').some(specialChar => {
+      if (stringValue.includes(specialChar)) {
+        return true;
+      }
+      return false;
+    });
+}
+
 module.exports.buildQuery=buildQuery;
@@ -1053,0 +1069,0 @@ module.exports.buildCountQuery=buildCountQuery;

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

44129

increased by1.45%

Lines of code

927

increased by1.53%

No dependency changes