docs(filters): clarify how to use string maps

alexslade · alexslade · commit 332b0ab4a04a · 2024-12-06T19:48:12.000Z
I personally struggled with the current description. I hope this reduced
wording is more explicit, while re-using explanation from
`Ash.Query.filter_input/2`.
diff --git a/lib/ash/filter/filter.ex b/lib/ash/filter/filter.ex
@@ -116,12 +116,10 @@ defmodule Ash.Filter do
 
   ## Security Concerns
 
-  If you are using a map with string keys, it is likely that you are parsing
-  input. It is important to note that, instead of passing a filter supplied from
-  an external source directly to `Ash.Query.filter/2`, you should call
-  `Ash.Filter.parse_input/2`.  This ensures that the filter only uses public
-  attributes, relationships, aggregates and calculations, honors field policies
-  and any policies on related resources.
+  Do not pass user input directly to `Ash.Query.filter/2`, it will not be sanitised. Instead use
+  `Ash.Filter.parse_input/2` or `Ash.Query.filter_input/2`.
+
+  See `Ash.Query.filter_input/2` for more information.
 
   ## Writing a filter
 
