validateValObjectId checks that an ObjectId starting with "val(" is a well-formed val(variableName) reference and contains no injected DQL syntax.
(objectId string)
// validateValObjectId reports whether objectId, once surrounding whitespace is
// trimmed, matches valVarRegexp, the pattern for a well-formed
// val(variableName) reference. It returns nil on a match and otherwise an
// error that quotes the trimmed value. The intent is that an accepted ObjectId
// carries no injected DQL syntax.
//
// The "val(" prefix is not tested here; presumably the caller dispatches on it
// and valVarRegexp (declared elsewhere) is anchored at both ends — confirm.
//
// NOTE(review): the check runs on a trimmed copy and only an error is
// returned, so the caller's string is left as it was. A caller that embeds the
// value in a query should embed the trimmed form (or trim the same way first)
// so that the text that was validated is the text that is used.
func validateValObjectId(objectId string) error {
	ref := strings.TrimSpace(objectId)
	if valVarRegexp.MatchString(ref) {
		return nil
	}
	// %q quotes the rejected value, so quotes and control characters in it
	// are escaped in the error message.
	return errors.Errorf("invalid val() reference in ObjectId: %q", ref)
}
| 856 | |
// langTagRegexp is a syntactic allowlist for language tags: one or more ASCII
// letters, followed by zero or more hyphen-separated groups of ASCII letters
// and digits. The pattern is anchored with ^ and $ and sets no multiline flag,
// so the whole string must match; the empty string, whitespace, and any
// punctuation other than "-" are rejected.
//
// This is looser than full BCP 47: subtag lengths and registry values are not
// checked, and no overall length limit is applied here.
var langTagRegexp = regexp.MustCompile(`^[a-zA-Z]+(-[a-zA-Z0-9]+)*$`)