1

I'm searching on the internet about mongoengine security and i can't find anything. My concern is if mongoengine is treating javascript injection.

Thank you for your time.

Improve this question
1

2 Answers 2

Reset to default
0

i think it is possible but i personally never try it. i did it for RDMS and i find many usefull thinks in the owasp guideline. and i recently see that OWASP wrote an Article about mongoDB injection too.

so Mongo use javascript and json. because these use special character like 

' " \ ;

the first ideas will be to sanitize all user inputs. check out the owasp Link.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

i don't know if Mongoengine automatically do that.
0

Mongoengine escaped string, so is no possibility for javaScript injection. https://github.com/MongoEngine/mongoengine/search?utf8=%E2%9C%93&q=escape

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.