Express.js请求正文__proto__ [英] Express.js request body __proto__

问题描述

我对express.urlencoded（）中间件生成的request.body有一点问题。在某些情况下，它会在request.body对象的末尾添加 __ proto __ ，而不能直接用于启动moongose模型，如此 var user =新用户（req.body）

I have a little problem with request.body generated by express.urlencoded() middleware. In some cases it adds __proto__ at the end of request.body object and than it can't be used directly to initiate moongose model like so var user = new User(req.body)

作为示例，我将使用 node-express-mongoose-demo 存储库。所有表单都运行正常，但 app.post（'/ users'，users.create）收到req.body污染与 __ proto __

As an example I'll use node-express-mongoose-demo repository. All forms works just fine but app.post('/users', users.create) recieves req.body "polluted" with __proto__

提前感谢您的任何帮助

推荐答案

似乎问题来自 urlencoded 中间件，这是 Express 3 中包含的中间件。

It seems that the problem comes from the urlencoded middleware, the one which is included with Express 3.

一种可能的解决方案是不使用Express bodyParser，而是使用 body-parser 模块。

A possible solution is not to use the Express bodyParser, but the body-parser module.

而不是

app.use(express.urlencoded())

你可以写

var bodyparser = require('body-parser')

..........

app.use(bodyparser.urlencoded())

问题似乎来自 qs 模块（ express 3 模块使用的版本）。它强制在它构建的对象上添加 __ proto __ 。最后一个版本没有这个问题。

The problem seems to come from the qs module (the version used by express 3 module). It forces to add a __proto__ on the objects it builds. The last version does not have this issue.

这篇关于Express.js请求正文__proto__的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！