The Meteor docs (http://docs.meteor.com/#dataandsecurity), in the "Input Validation" section, say:
Meteor allows your methods and publish functions to accept arguments of any JSON type. (In fact, the Meteor protocol supports EJSON, a JSON extension that also supports other common types, such as dates and binary buffers.) JavaScript's dynamic typing means you do not need to declare the exact type of each variable in your application, but it is usually useful to ensure that the arguments clients pass to your methods and publish functions are of the type you expect.
Meteor provides an easy library for checking that these arguments and other values are the type you expect. Just start your functions with statements like check(username, String) or check(office, {building: String, room: Number}). The check call throws an error if its argument has an unexpected type.
Meteor also provides an easy way to make sure that all your methods and publish functions check all of their arguments. Just run meteor add audit-argument-checks, and any method or publish function that skips checking any of its arguments will fail with an exception.
The issue of Mongo injection is explained in more detail in this security talk: https://www.meteor.com/blog/2013/08/02/meteor-devshop-6-devshop-live-security-meteor-ui
So my questions are:
check
audit-argument-checks
find
collection.allow
collection.deny
allow
deny
    Posts.allow({
      insert: function (userId, doc) {
        check(doc, {
          _id: String,
          message: String,
          createdAt: Date
        });
        return true;
      }
    });
allow deny , . check allow/deny, , . , check .
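As an added example (not part of the original post and not Meteor's own code), the sketch below shows why the quoted docs recommend check: an object passed where a string is expected becomes a Mongo operator once it is placed in a selector. The `check` and `matches` functions are simplified stand-ins, and the method names and user records are constructed for illustration.

```javascript
// Added illustration, not Meteor code. `check` is a minimal stand-in for
// Meteor's check(); `matches` is a toy subset of Mongo selector matching.

// Constructed sample data.
const users = [
  { _id: "u1", username: "alice", resetToken: "a91f" },
  { _id: "u2", username: "bob", resetToken: "7c3e" },
];

// Toy selector matcher: plain equality plus the $gt and $ne operators only.
function matches(doc, selector) {
  return Object.entries(selector).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      return Object.entries(cond).every(([op, arg]) => {
        if (op === "$gt") return doc[field] > arg;
        if (op === "$ne") return doc[field] !== arg;
        throw new Error("unsupported operator " + op);
      });
    }
    return doc[field] === cond;
  });
}

// Stand-in for check(value, String) / check(value, Number): throws on mismatch.
function check(value, type) {
  const expected = type === String ? "string" : type === Number ? "number" : null;
  if (expected === null || typeof value !== expected) {
    throw new Error("Match error: expected " + (type && type.name));
  }
}

// Hypothetical method body without validation: the client-supplied
// argument goes straight into the selector.
function findByTokenUnchecked(token) {
  return users.filter((u) => matches(u, { resetToken: token })).map((u) => u._id);
}

// Same method with the argument validated first, as the docs recommend.
function findByTokenChecked(token) {
  check(token, String);
  return findByTokenUnchecked(token);
}
```

With a string argument both versions return only the matching user; with the object `{ $gt: "" }` the unchecked version matches every record, while the checked version throws before the query runs.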