我在Express / MongoDB项目中使用sanitizeBody.escape。当我对“&”号&进行消毒时,它给了我&,然后下次我“更新”此字段时,它再次对&进行了消毒,所以我得到了&,并且那么如果我再次“更新”,该表达式将被清理为&(无穷大)。如何防止这种“过量”消毒?谢谢!
(下面是完整的代码块)。 。 。
exports.bookinstance_update_post = [
body('book', 'Book must not be empty').isLength({min: 1}).trim(),
body('imprint', 'Imprint must not be empty').isLength({min: 1}).trim(),
body('status', 'Status must not be empty').isLength({min: 1}).trim(),
body('due_back', 'Invalid date').optional({checkFalsy: true}).isISO8601(),
sanitizeBody('book').escape(),
sanitizeBody('imprint').escape(), // This is the field where I input an ampersand
sanitizeBody('status').escape(),
sanitizeBody('due_back').escape(),
(req,res,next) => {
const errors = validationResult(req);
var bookInstance = new BookInstance( {
book: req.body.book,
imprint: req.body.imprint,
status: req.body.status,
due_back: req.body.due_back,
_id: req.params.id
});
if (!errors.isEmpty()) {
Book.find({}, function(err, result) {
if (err) { return next(err);}
for (let i = 0; i < Status.length; i++) {
if (this.bookInstance.status == Status[i]) { Status[i].checked='true'}
};
for (let i = 0; i < result.book.length; i++) {
if (this.bookInstance.book == result.book[i]) { result.book[i].selected='true'}
};
res.render('bookinstance_form', { title: 'Update BookInstance', book_list: result.book, status: Status, errors: errors.array()})
});
} else {
BookInstance.findByIdAndUpdate(req.params.id,bookInstance,function(err, result){
if (err) { return next(err);}
res.redirect('/catalog/bookinstances');
});
}
}
]