heschong · September 14, 2015 06:26
diff --git a/flexible_publications.js b/flexible_publications.js
 /*
 * This is a simple pattern for a flexible publication mechanism, for feedback purposes
 */




 // ... on client and server
 MyCollection = new Mongo.Collection('mycollection');




 // ... on the server

 /*
 * This function allows us to check to see if a MongoDB query object is
 * relatively safe from NoSQL injection attempts
 * 
 * Usage via a check function:
 * 
 * check(arg, Match.Where(safeQuery));
 */
 safeQuery = function(value) {
    return !EJSON.stringify(value).match(/\"\$(where|inc|mul|rename|setOnInsert|set|unset|currentDate)\"/g);
 }

 // Publish a document set with the client's dynamic specifiers
 Meteor.publish('mycollection', function(where) {
  check(where, Match.Where(safeQuery));
  return MyCollection.find(where);
 });




 // ... On the client

 // Subscribe to all the documents matching { some: 'criteria' }
 Meteor.subscribe('mycollection', { some: 'criteria' });
 var stuff = MyCollection.find({ someMore: 'criteria' });
	/*
	* This is a simple pattern for a flexible publication mechanism, for feedback purposes
	*/




	// ... on client and server
	MyCollection = new Mongo.Collection('mycollection');




	// ... on the server

	/*
	* This function allows us to check to see if a MongoDB query object is
	* relatively safe from NoSQL injection attempts
	*
	* Usage via a check function:
	*
	* check(arg, Match.Where(safeQuery));
	*/
	safeQuery = function(value) {
	return !EJSON.stringify(value).match(/\"\$(where\|inc\|mul\|rename\|setOnInsert\|set\|unset\|currentDate)\"/g);
	}

	// Publish a document set with the client's dynamic specifiers
	Meteor.publish('mycollection', function(where) {
	check(where, Match.Where(safeQuery));
	return MyCollection.find(where);
	});




	// ... On the client

	// Subscribe to all the documents matching { some: 'criteria' }
	Meteor.subscribe('mycollection', { some: 'criteria' });
	var stuff = MyCollection.find({ someMore: 'criteria' });