From 00a10b2d06cd7652f5496ee628070c3e38000e74 Mon Sep 17 00:00:00 2001 From: Rasmus Porsager Date: Tue, 23 Mar 2021 22:01:34 +0100 Subject: [PATCH] Fix escaping for helpers and listen fixes #157 and #57 and #97 and #111 and #71 --- lib/types.js | 19 +------------------ tests/index.js | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/lib/types.js b/lib/types.js index 6d90f07b..c19b5063 100644 --- a/lib/types.js +++ b/lib/types.js @@ -66,24 +66,7 @@ function typeHandlers(types) { } module.exports.escape = function escape(str) { - let result = '' - let q = str[0] < 10 || str[0] === '$' - let last = 0 - let c - - for (let i = 0; i < str.length; i++) { - c = str[i].charCodeAt(0) - if (str[i] === '"') { - q = true - result += str.slice(last, i) + '"' - last = i - } else if (c === 96 || (c !== 36 && c <= 47) || (c >= 58 && c <= 64) - || (c >= 91 && c <= 94) || (c >= 123 && c <= 128)) { - q = true - } - } - - return (q ? '"' : '') + (q ? result + str.slice(last, str.length) : str) + (q ? '"' : '') + return '"' + str.replace(/"/g, '""') + '"' } const type = { diff --git a/tests/index.js b/tests/index.js index a3d77b47..f2b1ce57 100644 --- a/tests/index.js +++ b/tests/index.js @@ -578,6 +578,13 @@ t('listen and notify with weird name', async() => { )] }) +t('listen and notify with upper case', async() => + ['works', await new Promise(async resolve => { + await sql.listen('withUpperChar', resolve) + sql.notify('withUpperChar', 'works') + })] +) + t('listen reconnects', async() => { const listener = postgres(options) , xs = [] @@ -731,6 +738,18 @@ t('sql().finally throws not tagged error', async() => { return ['NOT_TAGGED_CALL', error] }) +t('little bobby tables', async() => { + const name = 'Robert\'); DROP TABLE students;--' + + await sql`create table students (name text, age int)` + await sql`insert into students (name) values (${ name })` + + return [ + name, (await sql`select name from students`)[0].name, + await sql`drop table students` + ] +}) + t('dynamic column name', async() => { return ['!not_valid', Object.keys((await sql`select 1 as ${ sql('!not_valid') }`)[0])[0]] })