You're viewing the legacy docs. They are deprecated as of May 18, 2016.
Go to current docs

Security & Rules

Rule Types and Variables

A Rule Expression is a string of text following a Rule Type of .write, .read or .validate in your Security and Firebase rules which is then evaluated by Firebase to make security decisions. For example:

".read": "auth.uid == $user && data.child('active').val() == true"

The syntax is a subset of JavaScript's expression syntax with a few behavioral changes to increase clarity and correctness.

String Operations

When dealing with strings in the rules (e.g. contained in your auth object or returned by val), we provide a few methods to help with validation and manipulation. See String for details.