feat: allow Postgres JSON path syntax in isSafeColumn (!3) · Merge requests · Go / zeroresponse

chaiwat sae-jiw requested to merge feat/update-buildin-func into main May 14, 2026

Extend the column-name whitelist to accept -> and ->> accessors so callers can search/filter/sort on JSONB fields (e.g. meta_data->>'plateNumber', sp.meta_data->'a'->>'b') without being silently dropped. Keys are restricted to single-quoted safe identifiers or non-negative integer indexes, so the column remains injection-safe when it carries through from a user-supplied query parameter.

Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com

feat: allow Postgres JSON path syntax in isSafeColumn

Merge request reports