docs(filters): clarify how to use string maps

I personally struggled with the current description. I hope this wording is more explicit about when you need to use `Ash.Filter.parse_input/2`.
ash-project · Dec 6, 2024 · 5ba3c18 · 5ba3c18
1 parent 64afdd9
commit 5ba3c18
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/lib/ash/filter/filter.ex b/lib/ash/filter/filter.ex
@@ -116,12 +116,10 @@ defmodule Ash.Filter do
 
   ## Security Concerns
 
-  If you are using a map with string keys, it is likely that you are parsing
-  input. It is important to note that, instead of passing a filter supplied from
-  an external source directly to `Ash.Query.filter/2`, you should call
-  `Ash.Filter.parse_input/2`.  This ensures that the filter only uses public
-  attributes, relationships, aggregates and calculations, honors field policies
-  and any policies on related resources.
+  Do not pass user input directly to `Ash.Query.filter/2`, it will not be sanitised. Instead use
+  `Ash.Filter.parse_input/2` or `Ash.Query.filter_input/2`.
+
+  See `Ash.Query.filter_input/2` for more information.
 
   ## Writing a filter