-1
我現在有最奇怪的錯誤;我構建了這個函數,用於從服務器的輸出中刪除xss漏洞,並且在解析MongoDB結果對象(在模式中使用子文檔)時,數組屬性會立即從數組更改爲undefined。看到代碼和下面的跟蹤:Array未定義
代碼:
function xss(value){
if(typeof value === "object" && value !== null){
return xssObjectEscape(value);
}else if(typeof value === "string"){
return xssStringEscape(value);
}
}
function xssStringEscape(text) {
return text.replace(/&/g, '&').
replace(/</g, '<'). // it's not necessary to escape >
replace(/"/g, '"').
replace(/'/g, ''');
}
function xssObjectEscape(object) {
for (var prop in object) {
if(typeof object[prop] === "string"){
object[prop] = xssStringEscape(object[prop]);
}else if(Array.isArray(object[prop])){
console.log("xss Array");
console.log(`${prop}: ${JSON.stringify(object[prop])}`);
console.log(object[prop]);
console.log(typeof object[prop]);
console.log(object[prop].constructor);
console.log(object[prop].constructor.name);
console.log(object[prop].length);
for(let i = 0 ; i < object[prop].length ; i++){
object[prop] = xss(object[prop][i]);
}
}else if(typeof object[prop] === "object" && object[prop] !== null){
xssObjectEscape(object[prop]);
}
}
return object;
}
跟蹤:
xss Array
save: [null,null,null,null]
[ [Function: notify],
[Function: notify],
[Function: notify],
[Function: notify] ]
object
[Function: Array]
Array
4
TypeError: Cannot read property 'length' of undefined
at xssObjectEscape (/var/www/smq/services/secure/xss.js:30:39)
at xssObjectEscape (/var/www/smq/services/secure/xss.js:34:7)
at xssObjectEscape (/var/www/smq/services/secure/xss.js:34:7)
at xssObjectEscape (/var/www/smq/services/secure/xss.js:34:7)
at xss (/var/www/smq/services/secure/xss.js:5:12)
at filter.user.then (/var/www/smq/handlers/session.js:29:21)
at process._tickCallback (internal/process/next_tick.js:103:7)
知道爲什麼這會發生?
看,我知道這是像這樣的傻事。乾杯! –