node.js过滤输入 [英] nodejs filtering inputs

问题描述

在PHP中，我使用函数来过滤输入数据 htmlspecialchars和mysql_real_escape_string. nodejs中是否有类似的功能?

In PHP to filter inputs data I use functions htmlspecialchars and mysql_real_escape_string. Is there any functions like this in nodejs?

我需要检查rounter函数中的所有输入，以防止像xss这样的黑客攻击. 谢谢！

I need to check all inputs in my rounter functions to prevent hacker attacks like xss. Thanks!

推荐答案

node-validator 是完美的库，它具有许多验证和卫生/过滤功能，例如:

node-validator is the perfect library for this, it has many functions for both validation and sanitation / filtering, for example:

entityDecode()                  //Decode HTML entities
entityEncode()
xss()                           //Remove common XSS attack vectors from text (default)
xss(true)                       //Remove common XSS attack vectors from images

或

contains(str)
notContains(str)
regex(pattern, modifiers)       //Usage: regex(/[a-z]/i) or regex('[a-z]','i')
notRegex(pattern, modifiers)
len(min, max)                   //max is optional
isUUID(version)                 //Version can be 3 or 4 or empty, see http://en.wikipedia.org/wiki/Universally_unique_identifier
isDate()                        //Uses Date.parse() - regex is probably a better choice
isAfter(date)                   //Argument is optional and defaults to today
isBefore(date)                  //Argument is optional and defaults to today
isIn(options)                   //Accepts an array or string

这篇关于node.js过滤输入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！