The current implementation does not provide automated escaping of SPARQL inputs.
Example:
const result = await SELECT`
select * where {
?s rdfs:label ?x.
FILTER( ?x = "${str}" )
}`
The problem here is that if the str variable comes from the user and is not sanitized, it could lead to SPARQL injection.
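To make the risk concrete, here is an added example (not the project's own code) that contrasts the raw interpolation shown above with interpolation through a literal serializer that escapes the characters SPARQL 1.1 only allows as ECHAR escapes inside a "..." literal. The builder names and the quote-counting check are assumptions made for this example; the SELECT tag from the issue is not used.

```javascript
// Added example: escaping untrusted input before it is placed inside a
// SPARQL string literal. Helper names below are hypothetical.

// Escape the characters SPARQL 1.1 permits in a "..." literal only via
// ECHAR escapes: backslash, double quote, tab, newline, CR, backspace, FF.
function escapeSparqlString(value) {
  return String(value).replace(/[\\"\t\n\r\b\f]/g, (ch) => {
    switch (ch) {
      case '\\': return '\\\\';
      case '"':  return '\\"';
      case '\t': return '\\t';
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\b': return '\\b';
      case '\f': return '\\f';
    }
  });
}

// Serialize an untrusted value as a quoted SPARQL literal.
function sparqlLiteral(value) {
  return `"${escapeSparqlString(value)}"`;
}

// Mirrors the issue: the value is interpolated verbatim into the query.
function buildUnsafe(str) {
  return `select * where { ?s rdfs:label ?x . FILTER( ?x = "${str}" ) }`;
}

// Hardened form: the value is always serialized as a single literal.
function buildSafe(str) {
  return `select * where { ?s rdfs:label ?x . FILTER( ?x = ${sparqlLiteral(str)} ) }`;
}

// Count double quotes that are not preceded by a backslash. A correctly
// built query has exactly two (around the literal); more means the input
// terminated the literal early and became query syntax.
function countUnescapedQuotes(query) {
  let n = 0;
  for (let i = 0; i < query.length; i++) {
    if (query[i] === '\\') { i++; continue; } // skip escaped character
    if (query[i] === '"') n++;
  }
  return n;
}

// Constructed sample input containing a quote and a newline.
const sample = 'say "hi"\n';
console.log(countUnescapedQuotes(buildUnsafe(sample))); // 4: literal broken
console.log(countUnescapedQuotes(buildSafe(sample)));   // 2: literal intact
```

A tagged template that applies `sparqlLiteral` (or the matching IRI / numeric serializer) to every interpolated value, rather than concatenating the raw string, gives callers the automated escaping the issue asks for.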