implement escaping in SPARQL #3
Description
The current implementation does not provide automated escaping of SPARQL inputs.
Example:
const result = await SELECT`
select * where {
?s rdfs:label ?x.
FILTER( ?x = "${str}" )
}`The problem here is that if str variable comes from the user and not sanitized it could lead to SPARQL injection.