2 Replies
no, Convex doesn't run SQL. And javascript-injection is mostly prevented because the Convex runtime doesn't allow
eval. if you have ideas for other kinds of attacks that might be possible, feel free to ask here -- and if it's a serious concern, reach out to security@convex.devThank you