
User supplied filter & sort strings for datatable


I’m considering exposing a datatable’s filter queries and sorts to the URL, so that users can send each other links to share specific results after drilling down into the data.

As long as I don’t do any execs(), evals(), or string formatting on these strings and they pass straight into the datatable, do I have to worry about any injection hacking? My guess is no, but late into writing the code I’m starting to wonder.

Any thoughts?
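
One way to validate URL-supplied strings before assigning them to the DataTable's `filter_query` and `sort_by` properties, as an added example that is not part of the original post. The `filter` and `sort` URL parameter names, the `col:direction` sort encoding, the length cap and the column allow-list are assumptions.

```python
import re
from urllib.parse import parse_qs

MAX_FILTER_LEN = 500  # assumed cap; tune for your data
COLUMN_REF = re.compile(r"\{([^{}]*)\}")  # DataTable filters name columns as {col}


def parse_shared_view(search, allowed_columns):
    """Turn a URL query string into (filter_query, sort_by) for a DataTable.

    Anything that fails validation is dropped rather than passed through.
    """
    params = parse_qs(search.lstrip("?"))

    # Filter: keep only if bounded, printable, and every {col} is a known column.
    filter_query = params.get("filter", [""])[0]
    referenced = COLUMN_REF.findall(filter_query)
    if (
        len(filter_query) > MAX_FILTER_LEN
        or not filter_query.isprintable()
        or any(col not in allowed_columns for col in referenced)
        or (filter_query and not referenced)
    ):
        filter_query = ""

    # Sort: "col:asc,col2:desc" -> list of dicts, skipping unknown entries.
    sort_by = []
    for item in params.get("sort", [""])[0].split(","):
        column_id, _, direction = item.partition(":")
        if column_id in allowed_columns and direction in ("asc", "desc"):
            sort_by.append({"column_id": column_id, "direction": direction})

    return filter_query, sort_by


if __name__ == "__main__":
    # Constructed sample link: one valid sort entry and one unknown column.
    shared = "?filter=%7Bcountry%7D%20eq%20%22Canada%22&sort=pop:desc,__class__:asc"
    print(parse_shared_view(shared, {"country", "pop"}))
```

The returned values can be used as the table's initial `filter_query` and `sort_by`; if filtering is done in a backend callback, the same allow-list check applies before the parsed columns reach pandas or a database.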