如果节点模块`body-parser`不安全,下一个解决方案是什么? [英] If node module `body-parser` is not safe, what is the next solution?
问题描述
我在node.js中阅读了 body-parser 上的帖子,声称它不安全。
<如果我不在我的项目中使用任何
正文解析器中间件,我应该使用什么解决方案来确保安全? 不要将ExpressParser与Express.js一起使用
我是node.js的新手,所以如果您的解决方案提供了示例,我将非常感谢!
提前Thx!
解决方案在您链接的文章中提供to。
避免使用bodyParser并明确使用您需要的中间件
如果要在端点中解析json,请使用
ex press.json()中间件。如果你想要json和urlencoded端点,请使用[express.json(),express.urlencoded()]作为你的中间件。
如果您希望用户将文件上传到您的端点,您可以使用
express.multipart()并确保清理所有创建的临时文件。这仍然会从之前提到的问题#3中填充[原文如此]。
但请注意,在Express 4中,这些中间件不再打包用Express。它们现在可以通过 body-parser 包, json 和 urlencoded 属性。他们推荐一些其他包用于分段上传。
I read a post on body-parser in node.js and it claimed that it is not safe.
If I'm not to use any body-parser middleware in my project, what solution should I use to ensure safety?
Do Not Use bodyParser with Express.js
body-parser deprecation message
I'm a newbie on node.js so if your solution is provided with examples, I'll really appreciate!
Thx in advance!
The solution is provided in the very article you linked to.
Avoid bodyParser and explicitly use the middleware that you need
If you want to parse json in your endpoint, use
express.json()middleware. If you want json and urlencoded endpoint, use[express.json(), express.urlencoded()]for your middleware.If you want users to upload files to your endpoint, you could use
express.multipart()and be sure to clean up all the temp files that are created. This would still stuffer [sic] from problem #3 previously mentioned.
Note however that in Express 4, these middlewares are no longer packaged with Express. They are now available via the body-parser package, with json and urlencoded properties. They recommend some other packages for multipart uploads.
这篇关于如果节点模块`body-parser`不安全,下一个解决方案是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
