Is it acceptable to use eval() for MongoDB searches even when not considering case sensitivity?

I currently have a large collection of data stored in MongoDB, with most entries written in title-case. For example:

{
   'name':'Awesome Pair of Shoes',
   'brand':'CompanyABC',
   'description':'These shoes are top-notch. Available in black.'
},{
   'name':'amazing sneakers',
   'brand':'companyXYZ',
   'description':'Sneakers that come in various colors and styles.'
}

In my Angular/Node frontend, I want to enable users to search for records. However, due to MongoDB's case-sensitive nature, I am facing some challenges.

Currently, when a user searches for "awesome" (in lowercase) in the "name" field, I have to query as follows to ensure both awesome and Awesome are returned:

The query is wrapped in a regex pattern. So if the user searches for "awesome", it's processed as name:/awesome/i

exports.searchQuery = function(req,res){
    var query = req.params.query; // 'name:/awesome/i'
    var properties = query.split('+');
    var criteria = {};
    properties.forEach(function(property) {
        var propParts = property.split('=');
        criteria[propParts[0]] = eval(propParts[1]); // criteria{name:/awesome/i};
    });

    db.products.find(criteria, function (err, result) {
       // Handle the results
    });
}

While this method returns the accurate results, I am unsure about its security implications and whether there is a more efficient approach.

This dilemma is similar to the discussion found here: Case insensitive search in Mongo. I am seeking advice on best practices for optimizing speed and ensuring data security.

javascriptsecuritymongodbeval

Answer №1

Instead of creating the `/awesome/i` string, it might be more efficient to pass down the variable `awesome` and then modify the code as follows:

criteria[propParts[0]] = new RegExp(propParts[1], "i");

This approach will achieve the same result of creating a case-insensitive regular expression without the need for using `eval` or excessive string manipulation.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

What is the process for selecting the default option in a drop-down menu?

Is there a way to set the default value in a drop-down list using material-ui? I attempted to use displayEmpty="true", but it did not work. I want the first option, A, to be pre-selected so that it is visible to the user in the UI without them having to m ...

javascriptreactjsmaterial-ui

Vue.js 3 EventBus: Streamlining Communication within Your Application

What is the updated way to implement Event Bus in Vue 3? In previous versions of Vue (Vue 2), it was achieved through: export const bus = new Vue(); bus.$on(...) bus.$emit(...) However, with the release of Vue 3, the Vue function no longer serves as a c ...

javascriptvue.jsvue-componentvuejs3vue-composition-api

Storing a string in localStorage versus $localStorage in Angular 1 yields distinct value differences

I have encountered an issue in my angular controller where I am trying to save a token returned from an API endpoint as a string. In this example, I have used the variable testData instead of the actual token. var testData = "testdata" $localStorage[&apo ...

javascriptangularjsng-storage

Using Backbone.js to dynamically filter a collection when a user clicks a specific element

update added more details about my progress so far. I'm currently in the process of developing an app that showcases the gists of members belonging to a specific organization, drawing inspiration from bl.ocks.org. My goal is to enable users to click ...

javascriptjqueryeventsbackbone.jscoffeescript

Tips for discovering the exact positions of child divs that are Nth siblings within a parent div

I have designed a new calendar interface with dynamic functionality. When the user clicks on any time slot displayed in IMAGE1, a span element is created dynamically to represent 8 hours starting from that clicked time. My question is, how can I access th ...

javascriptjqueryhtmlcss

The drag-and-drop application failed to upload a video using Ajax

I am currently working on an application that allows users to upload files to a server with a drag and drop function. The app is functioning well for images, but occasionally encounters issues when trying to upload videos. I'm not certain if there&apo ...

javascriptphpajax

Converting Nested JSON Objects to CSV Using NodeJS and ExpressJS

I need to transfer the CSV file from Server to Client. I currently have JSON Objects retrieved from MongoDB using ExpressJS Response. Below is my NodeJS code that processes a POST request from the client containing Id's in the body and a Collection N ...

jsonnode.jsmongodbcsvexpress

Running a function following the completion of an animation with setTimeout

Recently stumbled upon this cool code snippet on stack overflow http://codepen.io/anon/pen/LERrGG. I see a lot of potential in this pen, but the one drawback is the lack of functionality to execute a function after the timer expires. I've been trying ...

javascriptjqueryhtmlcssjquery-animate

Storing Firestore Timestamp as a Map in the database

Snippet Below const start = new Date(this.date + 'T' + this.time); console.log(start); // Thu Sep 12 2019 04:00:00 GMT+0200 const tournament:Tournament = { start: firebase.firestore.Timestamp.fromDate(start) } When passing the tournament ...

javascriptnode.jsfirebasegoogle-cloud-firestore

Unique design elements of chevron and circle on the Slick Slider vanish upon clicking

I have successfully customized the left and right chevron buttons with a circular design for the Slick Slider Carousel. However, I am facing an issue where clicking on either the left or right chevron causes the circle to disappear. The circle reappears wh ...

javascriptjquerycssslick.js

Mapping JSON data with an elastic search cluster can be challenging, especially when dealing with a dynamic number of fields

I am currently developing an application where I need to map JSON data for storage in Elasticsearch. The challenge is that the number of fields in the JSON data is dynamic. How can I handle mapping in this scenario? Mapping Snippet var fs = uploadedFiles ...

javascriptjsonelasticsearchmapping

Is it possible to ensure that an event will always be true in the console without having prior knowledge of the props by utilizing an external framework?

Within my input field, there is a calendar that opens when clicked, as it is part of a library. However, I am facing an issue where I am unable to change the styles of the calendar and inspect them through the console. The scenario unfolds as follows: Cl ...

javascriptreactjsgoogle-chrome-devtools

How can Grafana be utilized for monitoring MongoDB's performance?

Is there a way to track MongoDB performance using Grafana? I'm aware of the plugin that allows for data visualization. However, I'm curious if it is possible to monitor specific metrics such as connection count or rows written/deleted in MongoD ...

mongodbperformancejmetergrafana

Implement pagination for a collection of elements in a Python Flask application

When working in Python, I use the following code to retrieve a list of items: from flask_paginate import Pagination @app.route('/retrieve_data') def retrieve(): PER_PAGE=5 connection = MongoClient() db=connection.rheoML fs = grid ...

pythonmongodbflaskpaginationpymongo

Struggling to click on a dynamic link before it times out

Can someone help me with a puzzling issue I can't seem to solve? I am trying to achieve the following: Whenever a link is clicked (for example: mysite.com/blog/blog-article.html), I want to save the href of that link to a variable. Then, in JavaScri ...

javascriptajaxhistory.jshtml5-history

Develop a personalized mapping API with a unique image integration for website navigation

Currently, I am in the process of developing a website for my university that will allow users to easily locate all available free food options on campus. My goal is to create a platform where food providers can register their events, have them saved in a ...

phpjavascripthtml

Utilize the toString method on a JSON object with the help of JAXB

Currently, I am delving into the world of Java and MongoDB, specifically focusing on creating a RESTful service. Everything is functioning properly, but there is one aspect of my Cliente class that I would like to modify during deserialization - the privat ...

javajsonmongodbrestjaxb

Type the website address into the browser's address bar

Recently, I've been exploring the possibility of combining two ideas to navigate to a relative URL based on the current URL. While browsing this link, I came across the following code snippet: <script> function myFunction() { var x ...

javascripthtmlurl

Animation of two divs stacked on top of each other

I am trying to replicate the animation seen on this website . I have two divs stacked on top of each other and I've written the following jQuery code: $('div.unternehmen-ahover').hover( function () { $('div.unternehmen-ahover' ...

javascriptjquerycsshtmlslider

"Combining elements shatters the flow of the Ajax

Currently, I am in the process of creating an Ajax call that will initially check whether a specific post ID has already been voted on. The PHP code I am working on involves retrieving the post IDs, checking if they are empty, setting them if they are, or ...

javascriptphpjqueryajaxwordpress