"How does MongoDB address SQL or Query injection?" explains how to handle query injection with BSON when using JavaScript on the server. I haven't been able to track down how/whether Mongoose handles query injection, though.
At this point I have two questions:
- Does Mongoose protect against query injection (using BSON or some other method)?
- If it does, are there any quirks with its implementation that a developer needs to be aware of?