PostgreSQL-specific SQL escaping for minijinja templates.
This module provides safe SQL value formatting for PostgreSQL databases. It handles all minijinja value types and converts them to appropriate PostgreSQL literal syntax.
§Escaping Rules
- Strings: Escaped using PostgreSQL’s escape_literal (handles quotes, special chars)
- Numbers: Output directly (integers and floats are safe)
- Booleans: Converted to TRUE/FALSE
- None: Converted to NULL
- Undefined: Empty string (consistent with minijinja defaults)
- Bytes: Converted to PostgreSQL bytea hex format ('\xDEADBEEF'::bytea)
- Sequences: Converted to PostgreSQL ARRAY[...] with recursively escaped elements
- Maps: Converted to JSON-like string and escaped (can be cast to ::jsonb)
- Plain objects: Stringified and escaped
- Invalid values: Return an error
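The rules above, modelled as a stand-alone sketch. This is an added example, not this crate's implementation: Val, escape_literal and to_pg_literal are hypothetical names, the string rule is assumed to follow libpq's PQescapeLiteral behaviour, and floats, maps and plain objects are left out.

```rust
// Added illustration, not this crate's code. `Val` and `to_pg_literal` are
// hypothetical names modelling the escaping rules listed above.
#[allow(dead_code)]
enum Val { Undefined, None, Bool(bool), Int(i64), Str(String), Bytes(Vec<u8>), Seq(Vec<Val>) }

// Assumed string rule (libpq PQescapeLiteral style): double single quotes; if a
// backslash is present, double it too and switch to the E'' form.
fn escape_literal(s: &str) -> String {
    let mut out = String::with_capacity(s.len() + 4);
    if s.contains('\\') {
        out.push_str(" E");
    }
    out.push('\'');
    for ch in s.chars() {
        if ch == '\'' || ch == '\\' {
            out.push(ch);
        }
        out.push(ch);
    }
    out.push('\'');
    out
}

fn to_pg_literal(v: &Val) -> String {
    match v {
        Val::Undefined => String::new(),
        Val::None => "NULL".to_string(),
        Val::Bool(true) => "TRUE".to_string(),
        Val::Bool(false) => "FALSE".to_string(),
        Val::Int(n) => n.to_string(),
        Val::Str(s) => escape_literal(s),
        Val::Bytes(b) => {
            let hex: String = b.iter().map(|x| format!("{:02X}", x)).collect();
            format!("'\\x{}'::bytea", hex)
        }
        Val::Seq(items) => {
            // Elements are escaped recursively; the ", " separator is an assumption.
            let parts: Vec<String> = items.iter().map(to_pg_literal).collect();
            format!("ARRAY[{}]", parts.join(", "))
        }
    }
}

fn main() {
    // Constructed input: would terminate a naively quoted literal.
    let name = Val::Str("x'; DROP TABLE users; --".to_string());
    println!("SELECT * FROM users WHERE name = {}", to_pg_literal(&name));
}
```

The constructed input stays inside a single quoted literal because its embedded quote is doubled, so the rest of the string is data rather than SQL.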
§Security
The only ways to bypass escaping are:
- Using the |safe filter in templates (intentional)
- Using Value::from_safe_string() in Rust code (requires explicit code)
The |escape filter will error for custom SQL formats, preventing accidental misuse.
Constants§
- FORMAT_NAME - The auto-escape format name for PostgreSQL.
Functions§
- auto_escape_callback - Auto-escape callback for PostgreSQL SQL templates.
- sql_escape_formatter - Custom formatter that escapes values for safe PostgreSQL interpolation.