From 0c5f2b7f1343270ef0ade695ee9bb4c0fcfd070a Mon Sep 17 00:00:00 2001
From: KnugiHK <24708955+KnugiHK@users.noreply.github.com>
Date: Sat, 24 Jan 2026 01:19:55 +0800
Subject: [PATCH] Add a comment on SQLi in get_chat_condition
---
 Whatsapp_Chat_Exporter/utility.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Whatsapp_Chat_Exporter/utility.py b/Whatsapp_Chat_Exporter/utility.py
index f2a729e..a4db10c 100644
--- a/Whatsapp_Chat_Exporter/utility.py
+++ b/Whatsapp_Chat_Exporter/utility.py
@@ -415,6 +415,10 @@ def get_chat_condition(
 ) -> str:
 """Generates a SQL condition for filtering chats based on inclusion or exclusion criteria.
 
+ SQL injection risks from chat filters were evaluated during development and deemed negligible
+ due to the tool's offline, trusted-input model (user running this tool on WhatsApp
+ backups/databases on their own device).
+
 Args:
 filter: A list of phone numbers to include or exclude.
 include: True to include chats that match the filter, False to exclude them.
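Review bot: The added docstring paragraph records an accepted risk but does not state the precondition that makes it safe, so a later caller has no contract to check against. The body of get_chat_condition is outside this hunk, so I am inferring from the comment that the filter strings are placed into the SQL text directly. If that is the case, the "trusted input" argument covers values typed by the operator, but not values taken from the backup itself or from a wrapper that forwards someone else's input. I would state the contract in the docstring, e.g. `Callers must pass only operator-supplied values in filter; never forward strings read from the database or from a remote source.` Since `filter` is documented as a list of phone numbers, validating each entry against the expected format before building the condition, or binding the values as query parameters, would remove the need for the caveat.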