fix(security): sanitize fields and tables when using nestTables

[wellwelwel]

Improves the changes from #2591 by validating nestTables final fields and tables.

---

I'm not sure about the need to validate when used in combination with the rowAsArray option:

For now, I've applied validation to all the properties created in result object.

} else if (options.rowsAsArray) {
  lvalue = `result[${helpers.fieldEscape(i.toString(10))}]`;
} else {

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.32%. Comparing base (8b5f691) to head (1bde405).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2702      +/-   ##
==========================================
- Coverage   90.32%   90.32%   -0.01%     
==========================================
  Files          71       71              
  Lines       15727    15726       -1     
  Branches     1340     1342       +2     
==========================================
- Hits        14206    14205       -1     
  Misses       1521     1521              

Flag	Coverage Δ
compression-0	90.32% <100.00%> (-0.01%)	⬇️
compression-1	90.32% <100.00%> (-0.01%)	⬇️
tls-0	89.85% <100.00%> (-0.01%)	⬇️
tls-1	90.15% <100.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sidorares]

thanks @wellwelwel !
LGTM, but I can't see how can i.toString(10) ever possibly dangerous, probably no need for sanitization here?

[wellwelwel]

thanks @wellwelwel ! LTM, but I can't see how can i.toString(10) ever possibly dangerous, probably no need for sanitization here?

It's done 🙋🏻‍♂️