我在记录器中显示以下错误。
URIError: Failed to decode param '/%db<script>alert(539043);</script>/'
at decodeURIComponent (<anonymous>)
at decode_param (/usr/src/app/node_modules/express/lib/router/layer.js:172:12)
at Layer.match (/usr/src/app/node_modules/express/lib/router/layer.js:123:27)
at matchLayer (/usr/src/app/node_modules/express/lib/router/index.js:574:18)
at next (/usr/src/app/node_modules/express/lib/router/index.js:220:15)
at app.use (/usr/src/app/app.js:83:9)
at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/usr/src/app/node_modules/express/lib/router/index.js:317:13)
at /usr/src/app/node_modules/express/lib/router/index.js:284:7
at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:335:12)
我认为这是某人试图调查我的网站的某些漏洞。像发条一样,每周发生两次。
大约在同一时间我也收到以下错误:
URIError: Failed to decode param '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
at decodeURIComponent (<anonymous>)
at decode_param (/usr/src/app/node_modules/express/lib/router/layer.js:172:12)
at Layer.match (/usr/src/app/node_modules/express/lib/router/layer.js:123:27)
at matchLayer (/usr/src/app/node_modules/express/lib/router/index.js:574:18)
at next (/usr/src/app/node_modules/express/lib/router/index.js:220:15)
at app.use (/usr/src/app/app.js:83:9)
at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/usr/src/app/node_modules/express/lib/router/index.js:317:13)
at /usr/src/app/node_modules/express/lib/router/index.js:284:7
at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:335:12)
是否有某种方法可以防止这种情况发生?我应该担心这个吗?有没有处理不合法参数的标准方法。