Disabling unnecessary XSS protection in Node

Time: 2018-12-17 19:19:07

Tags: node.js xss

I have never installed any XSS protection or anything like that. I realized I was using helmet, but the output without helmet is protected as well.

Database entry with helmet:

 "\"<p>\\\"&lt;p&gt;sdfsdf&lt;strong&gt;sdfsdf&lt;/strong&gt;f&lt;/p&gt;\\\"<\/p>\""

Database entry without helmet:

"\"<p>fsdfds<strong>fsdfsd<em>fdsfsdfs<\/em><\/strong><\/p>\""

But the output on the site without helmet is still:

"<p>fsdfds<strong>fsdfsd<em>fdsfsdfs</em></strong></p>"

What do I have to do to show the proper formatting instead of the tags?

addArticle controller:

const Article = require("../models/article")

// req.checkBody / req.validationErrors come from the legacy express-validator
// middleware registered on the app, not from this file.
exports.articleAdd = function (req, res) {
    var heading = req.body.heading;
    var author = req.user.firstname;
    var body = req.body.body;       // raw HTML from the editor, stored as-is
    var slug = req.body.slug;
    var thumbnail = "/uploads/thumbnails/" + req.body.slug + ".jpg";

    // Validation
    req.checkBody("heading", "heading is required").notEmpty();
    req.checkBody("body", "body is required").notEmpty();
    req.checkBody("slug", "slug is not valid").notEmpty();

    var errors = req.validationErrors();

    if (errors) {
        // Re-render the form with the submitted values and the error list
        res.render("../core/modules/articles/views/addArticles", {
            errors: errors,
            layout: 'cmsLayout',
            heading: heading,
            author: author,
            body: body,
            slug: slug
        });
    } else {
        let article = new Article({
            heading: heading,
            author: author,
            body: body,
            slug: slug,
            thumbnail: thumbnail
        });

        article.save(function (err) {
            if (err) {
                // Answer the request instead of leaving it hanging
                console.log(err);
                return res.sendStatus(500);
            }
            res.redirect('/');
        });
    }
}

1 answer:

Answer 0 (score: 0)

Sorry, my mistake for not saying that I am using HANDLEBARS. That is actually the problem. To output it as HTML I need to use {{{something}}} instead of {{something}}.
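The behaviour in the question and the fix in the answer, as an added example that is neither the asker's nor the answerer's code: escapeHtml mirrors what Handlebars does for a double-stash {{body}} (which is why the stored tags showed up literally), and sanitizeRichText is an assumed, hypothetical allowlist filter to run before the body is rendered raw through {{{body}}}, so that switching templates does not also render anything else a user managed to store. The tag allowlist and the sample strings are constructed here.

```javascript
// Same character set Handlebars.escapeExpression replaces for {{value}}.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;",
  "'": "&#x27;", "`": "&#x60;", "=": "&#x3D;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"'`=]/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed allowlist: the elements seen in the question's stored article body.
// Only bare opening/closing tags pass; tags with attributes, any other
// element and any stray "<" are escaped so they render as plain text.
const ALLOWED_TAGS = new Set(["p", "strong", "em"]);

function sanitizeRichText(html) {
  const s = String(html);
  const tagRe = /<\/?[a-zA-Z][a-zA-Z0-9]*[^>]*>/g;
  let out = "";
  let last = 0;
  for (const m of s.matchAll(tagRe)) {
    out += escapeHtml(s.slice(last, m.index));       // text between tags
    const bare = /^<(\/?)([a-zA-Z]+)>$/.exec(m[0]);  // rejects any attributes
    if (bare && ALLOWED_TAGS.has(bare[2].toLowerCase())) {
      out += `<${bare[1]}${bare[2].toLowerCase()}>`; // emit a normalized tag
    } else {
      out += escapeHtml(m[0]);                        // neutralize anything else
    }
    last = m.index + m[0].length;
  }
  return out + escapeHtml(s.slice(last));
}

// What the page source looks like for each template form.
function renderDoubleStash(body) {   // {{body}}: tags appear literally
  return `<div>${escapeHtml(body)}</div>`;
}
function renderTripleStash(body) {   // {{{body}}}: raw HTML, sanitized first
  return `<div>${sanitizeRichText(body)}</div>`;
}

// Constructed sample with the same shape as the stored body in the question.
const stored = "<p>fsdfds<strong>fsdfsd<em>fdsfsdfs</em></strong></p>";
console.log(renderDoubleStash(stored));
console.log(renderTripleStash(stored));
console.log(renderTripleStash("<p>hi<script>evil()</script><em onclick=x>y</em></p>"));
```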