是否有一种安全的方法可以让应用程序的用户创建自定义属性/ getter?

时间:2017-12-14 21:33:50

标签: javascript ecmascript-6 getter

考虑一个标准的getter:

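-- Sample schema for a veterinary practice, written in T-SQL (IDENTITY columns,
-- bracketed identifiers). Parent tables are created before the tables that
-- reference them, so every FOREIGN KEY target exists when it is declared.

-- Staff records; VET_NUM is an auto-numbered primary key.
CREATE TABLE Vet
(
    [VET_NUM] INT IDENTITY(1,1) CONSTRAINT Pk_Vet_VetNum PRIMARY KEY,
    [LAST_NAME] CHAR(20),
    [FIRST_NAME] CHAR(20),
    [STREET] CHAR(30),
    [CITY] CHAR(20),
    [STATE] CHAR(20),
    [POSTAL_CODE] CHAR(20),
    [SALARY] DECIMAL(8,2),
    [DEGREE] CHAR(20),
    [POSITION] CHAR(20)
);

-- Pet owners; OWNER_NAME is the only mandatory attribute.
CREATE TABLE Owner
(
    [OWNER_NUM] INT IDENTITY(1,1) CONSTRAINT Pk_Owner_OwnerNum PRIMARY KEY,
    [OWNER_NAME] CHAR(30) NOT NULL,
    [STREET] CHAR(30),
    [CITY] CHAR(20),
    [STATE] CHAR(20),
    [POSTAL_CODE] CHAR(20)
);

-- Pets; each row may point at its owner through OWNER_NUM.
CREATE TABLE Pet
(
    [PET_NUM] INT IDENTITY(1,1) CONSTRAINT Pk_Pet_PetNum PRIMARY KEY,
    [PET_NAME] CHAR(35) NOT NULL,
    [STREET] CHAR(30),
    [CITY] CHAR(15),
    [STATE] CHAR(2),
    [POSTAL_CODE] CHAR(5),
    [BREED] CHAR(20),
    -- Foreign key to Owner
    [OWNER_NUM] INT CONSTRAINT Fk_Pet_OwnerNum FOREIGN KEY REFERENCES Owner(OWNER_NUM)
);

-- Appointments link one Vet row to one Pet row on a given date.
CREATE TABLE Appointment
(
    [APPOINTMENT_NUM] INT IDENTITY(1,1) CONSTRAINT Pk_Appointment_AppointmentNum PRIMARY KEY,
    [APPOINTMENT_DATE] DATE,
    -- Foreign key to Vet (spelled as declared above, so the reference also
    -- resolves under a case-sensitive collation)
    [VET_NUM] INT CONSTRAINT Fk_Appointment_VetNum FOREIGN KEY REFERENCES Vet(VET_NUM),
    -- Foreign key to Pet
    [PET_NUM] INT CONSTRAINT Fk_Appointment_PetNum FOREIGN KEY REFERENCES Pet(PET_NUM)
);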

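-- Seed rows for Vet. IDENTITY_INSERT is switched on so the explicit VET_NUM
-- values are stored instead of auto-generated ones, and switched off again
-- right after the insert. Table and column names are spelled exactly as in the
-- CREATE TABLE statements so the script also runs under a case-sensitive
-- collation.
SET IDENTITY_INSERT Vet ON;
INSERT INTO Vet ([VET_NUM], [LAST_NAME], [FIRST_NAME], [STREET], [CITY], [STATE], [POSTAL_CODE], [SALARY], [DEGREE], [POSITION])
VALUES (1, 'Skechley', 'Cristine', '24340 7th   Plaza', 'Pittsburgh', 'PA', '15274', 88053.30, 'Masters', 'Vet'),
       (2, 'Fishpoole', 'Sig', '06784 Anthes Point', 'Philadelphia', 'PA', '19184', 45525.56, 'Associates', 'Receptionist'),
       (3, 'Stother', 'Rycca', '04304 Superior Hill', 'Allentown', 'PA', '18105', 90553.37, 'Masters', 'Vet'),
       (4, 'Scandrite', 'Kerrill', '30320 Express Crossing', 'Harrisburg', 'PA', '17126', 102553.59, 'Doctorates', 'Vet'),
       (5, 'Glassman', 'Rhett', '33418 Tomscot Trail', 'Mc Keesport', 'PA', '15134', 56052.24, 'Bachelor', 'Management'),
       (6, 'Gioan', 'Rab', '1 Pennsylvania Street', 'Hatfield', 'PA', '19440', 35880.76, 'Student', 'Janitor'),
       (7, 'Patel', 'Dhruv', '24411 Jean Drive', 'Hatfield', 'PA', '19440', 42790.88, 'Student', 'Receptionist'),
       (8, 'Smith', 'Giana', '24 Malple Street', 'Lansdale', 'PA', '19446', 35880.22, 'Student', 'Janitor'),
       (9, 'Lopez', 'Briana', 'Orvilla', 'Allentown', 'PA', '18105', 74880.47, 'Masters', 'Vet'),
       (10, 'Sam', 'Hector', 'Orvilla', 'Allentown', 'PA', '18105', 74880.47, 'Masters', 'Vet');
SET IDENTITY_INSERT Vet OFF;

-- Seed rows for Owner, using the same explicit-key pattern.
SET IDENTITY_INSERT Owner ON;
INSERT INTO Owner ([OWNER_NUM], [OWNER_NAME], [STREET], [CITY], [STATE], [POSTAL_CODE])
VALUES (11, 'Sammantha Rodgers','96372 Dexter Terrace','Erie', 'PA','16510'),
       (12,'Jenkins Tim','486 Marcy Avenue','Philadelphia','PA','19184'),
       (13,'Smith Bobby','03781 Meadow Ridge','Erie','PA','16510'),
       (14,'Parker Aaron','80 Marcy Place','Harrisburg','PA','17126'),
       (15,'Gil Malcomn','239 Tony Point','Harrisburg','PA','17110'),
       (16,'Ramsey Torrey','0778 Columbus Park','Philadelphia','PA','19178'),
       (17,'Novak Cole','63519 Warbler Way','Pittsburgh','PA','15261'),
       (18,'Cunningham Dylan','0728 Esch Terrace','Pittsburgh ','PA','15274'),
       (19,'Barclay Liam','36 John Wall Parkway','Pittsburgh ','PA','15210'),
       (20,'Perez Joeseph','Hatfield Village','Hatfield','PA','19440');
SET IDENTITY_INSERT Owner OFF;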

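-- Pet rows are loaded before Appointment rows: Appointment.PET_NUM is a
-- foreign key to Pet, so the appointments below can only be inserted once the
-- pets they point at (22, 23, 25, 26, 27) exist.
SET IDENTITY_INSERT Pet ON;
INSERT INTO Pet ([PET_NUM], [PET_NAME], [STREET], [CITY], [STATE], [POSTAL_CODE], [BREED], [OWNER_NUM])
VALUES (21,'Jimmy','96372 Dexter Terrace','Erie', 'PA','16510','Affenpinscher',11),
       (22,'Lily','486 Marcy Avenue','Philadelphia','PA','19184','American Bulldog',12),
       (23,'Sally','03781 Meadow Ridge','Erie','PA','16510','American Eskimo Dog',13),
       (24,'Joey','80 Marcy Place','Harrisburg','PA','17126','Barbet',14),
       (25,'Rocky','239 Tony Point','Harrisburg','PA','17110','Papillon',15),
       (26,'Sam','0778 Columbus Park','Philadelphia','PA','19178','McNab',16),
       (27,'Chloe','63519 Warbler Way','Pittsburgh','PA','15261','Mountain Cur',17),
       (28,'Mike','0728 Esch Terrace','Pittsburgh ','PA','15274','Pug',18),
       (29,'Bruno','36 John Wall Parkway','Pittsburgh ','PA','15210','Pomeranian',19),
       (30,'Daisy','Hatfield Village','Hatfield','PA','19440','Rat Terrier',20),
       (31,'Tim','Hatfield Village','Hatfield','PA','19440','German Shepherd',20);
SET IDENTITY_INSERT Pet OFF;

-- Appointment rows. Dates use the unseparated YYYYMMDD form, which SQL Server
-- reads the same way regardless of the session's language or DATEFORMAT
-- setting (the original month/day/year literals depend on that setting).
SET IDENTITY_INSERT Appointment ON;
INSERT INTO Appointment ([APPOINTMENT_NUM], [APPOINTMENT_DATE], [VET_NUM], [PET_NUM])
VALUES (21,'20171211',1,25),
       (30,'20171212',2,26),
       (23,'20171212',1,27),
       (29,'20171213',4,23),
       (25,'20171214',5,22);
SET IDENTITY_INSERT Appointment OFF;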

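-- Remove every appointment dated 12 December 2017 (rows 30 and 23 in the seed
-- data). The literal is written as YYYYMMDD so it does not depend on the
-- session's DATEFORMAT / language setting.
DELETE
FROM Appointment
WHERE [APPOINTMENT_DATE] = '20171212';

-- Rename an owner. The match is by name, so every Owner row carrying exactly
-- this name is updated.
UPDATE Owner
SET [OWNER_NAME] = 'Jennifer Rodgers'
WHERE [OWNER_NAME] = 'Sammantha Rodgers';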

是否有一种“安全”的方法,允许应用程序的用户自行设置这个公式?

也就是说,它们必须能够在计算属性(getter)的计算中提取对象的属性。

我知道,出于显而易见的原因,eval() 是不被推荐使用的。

我曾想过允许用户指定一个可以进行插值的字符串:

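/**
 * Sample object with a computed property.
 *
 * `computedProperty` is an accessor: reading `data.computedProperty` runs the
 * getter body, which is the hard-coded "formula" the question wants to make
 * user-configurable.
 */
const data = {
  a: 10,
  b: 1,
  val: 12,
  get computedProperty() {
    // call this a formula:
    return this.a * this.b * this.val;
  },
};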

……但这样做真的更好吗?它仍然可能允许执行任意代码。

其他人如何解决这个难题?我找不到任何好的参考或例子。

1 个答案:

答案 0 :(得分:0)

您可以创建一个自定义验证程序来校验公式,并且只在公式有效时才对其求值。我为您编写了一个这样的自定义验证器:

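/**
 * Evaluate an arithmetic formula over the numeric properties of `scope`.
 *
 * The formula is tokenised and computed here; no part of the user-supplied
 * text is ever passed to eval(), so the only things a formula can do are the
 * four operators and the property reads described by this grammar:
 *
 *   expression := ["+" | "-"] term { ("+" | "-") term }
 *   term       := factor { ("*" | "/") factor }
 *   factor     := variable | "(" expression ")"
 *   variable   := ["this."] name
 *
 * `name` must be an own property of `scope` whose value is a number, which
 * excludes methods and anything inherited from the prototype chain.
 * Whitespace is not part of the grammar; callers strip it first if they want
 * to allow it.
 *
 * @param {string} source - Formula text supplied by the user.
 * @param {object} scope - Object whose own numeric properties may be read.
 * @returns {number|null} The computed value, or null when the formula is rejected.
 */
function evaluateFormula(source, scope) {
  // Bounds the recursion depth that nested parentheses can reach.
  const MAX_FORMULA_LENGTH = 512;

  if (typeof source !== "string" || source.length === 0 || source.length > MAX_FORMULA_LENGTH) {
    return null;
  }
  if (scope === null || typeof scope !== "object") {
    return null;
  }

  // Sticky so it only matches at `position`; the dot after "this" is escaped
  // so that "thisXa" is read as one (unknown) name rather than as "this.a".
  const namePattern = /(?:this\.)?([A-Za-z_$][A-Za-z0-9_$]*)/y;
  let position = 0;

  function parseFactor() {
    if (source.charAt(position) === "(") {
      position += 1;
      const inner = parseExpression();
      if (inner === null || source.charAt(position) !== ")") {
        return null;
      }
      position += 1;
      return inner;
    }

    namePattern.lastIndex = position;
    const match = namePattern.exec(source);
    if (match === null) {
      return null;
    }
    const name = match[1];
    const isOwn = Object.prototype.hasOwnProperty.call(scope, name);
    if (!isOwn || typeof scope[name] !== "number") {
      return null;
    }
    position += match[0].length;
    return scope[name];
  }

  function parseTerm() {
    let value = parseFactor();
    while (value !== null) {
      const operator = source.charAt(position);
      if (operator !== "*" && operator !== "/") {
        break;
      }
      position += 1;
      const right = parseFactor();
      if (right === null) {
        return null;
      }
      value = operator === "*" ? value * right : value / right;
    }
    return value;
  }

  function parseExpression() {
    // A sign is accepted only at the start of an expression (top level or
    // right after an opening parenthesis), never directly after an operator.
    const lead = source.charAt(position);
    if (lead === "+" || lead === "-") {
      position += 1;
    }
    let value = parseTerm();
    if (value === null) {
      return null;
    }
    if (lead === "-") {
      value = -value;
    }
    for (;;) {
      const operator = source.charAt(position);
      if (operator !== "+" && operator !== "-") {
        return value;
      }
      position += 1;
      const right = parseTerm();
      if (right === null) {
        return null;
      }
      value = operator === "+" ? value + right : value - right;
    }
  }

  const total = parseExpression();
  // Anything left over after a complete expression makes the formula invalid.
  return total !== null && position === source.length ? total : null;
}

const data = {
  a: 10,
  b: 1,
  val: 12,

  /**
   * Check whether a formula is acceptable for this object.
   *
   * Validation and evaluation share one parser, so the text that is checked
   * is exactly the text that gets computed.
   *
   * @param {string} operation - Formula without whitespace.
   * @returns {boolean} true when the formula parses and only references
   *   numeric own properties of this object.
   */
  validateOperation: function (operation) {
    return evaluateFormula(operation, this) !== null;
  },

  /**
   * Compute a user-supplied formula against this object's numeric properties.
   *
   * @param {string} operation - Formula such as "this.a * this.b * this.val";
   *   space characters are ignored.
   * @returns {number|false} The result, or false when the formula is rejected.
   */
  computedProperty: function (operation) {
    if (typeof operation !== "string") {
      return false;
    }
    // call this a formula:
    const compact = operation.replace(/ /g, "");
    const result = evaluateFormula(compact, this);
    return result === null ? false : result;
  },
};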

// Sample formula, written the way an application user would type it.
var operation = "this.a * this.b * this.val";

// Evaluate the formula against `data` and show the outcome in a dialog.
const outcome = data.computedProperty(operation);
alert(outcome);

基本上,它是一个简单且可扩展的公式计算器,它还会检查公式中出现的字符是否与受支持的对象变量相匹配。需要注意的是,这类校验只有在被校验的字符串与最终被求值的字符串完全一致时才可靠;更稳妥的做法是把公式解析后自行计算,而不是交给 eval()。