i m 试图在将它输入数据库之前使html窒息性,即使用先质-htmlnpm包,但它没有工作
if (noteContent) {
const resultContent = sanitize(noteContent);
console.log(resultContent);
} else {
setErrorMessages((prevState) => ["note content cannot be empty"]);
}
here when i m entering <img src=? onerror="alert( hello )" />
it returns:
<p><img src=? onerror="alert( hello )" /></p>
难道看不错什么?
根据上查阅的文件,你正在研究的职能应当称为sanitizeHtml(,而不是sanitize()。
However, if you read closely, per default it does allow quite some html tags and attributes listed here: https://github.com/apostrophecms/sanitize-html?tab=readme-ov-file#default-options
为了进一步限制,遵循文件。
// Allow only a super restricted set of tags and attributes
const clean = sanitizeHtml(dirty, {
allowedTags: [ b , i , em , strong , a ],
allowedAttributes: {
a : [ href ]
},
allowedIframeHostnames: [ www.youtube.com ]
});
举例来说,如果是这样的话:
if (noteContent) {
const resultContent = sanitizeHtml(noteContent, {
allowedTags: [],
allowedAttributes: {}
});
console.log(resultContent);
} else {
setErrorMessages((prevState) => ["note content cannot be empty"]);
}
$db_user="root"; $db_host="localhost"; $db_password="root"; $db_name = "fayer"; $conn = mysqli_connect($db_host,$db_user,$db_password,$db_name) or die ("couldn t connect to server"); // perform query ...
I am in the early stages of developing a database-driven system and the largest part of the system revolves around an inheritance type of relationship. There is a parent entity with about 10 columns ...
I m writing a Java web app in my free time to learn more about development. I m using the Stripes framework and eventually intend to use hibernate and MySQL For the moment, whilst creating the pages ...
Does anybody know if it is possible to move some (not all) users from one ASP.NET membership database to another? (for the purposes of migrating some users to another database on another machine, but ...
Is it because of size? By the way, what is the limit of the size?
I am trying to join two tables that reside in two different databases. Every time, I try to join I get the following error: An association from the table xxx refers to an unmapped class. If the ...
For example, I have a table, and there is a column named Tags . I want to know if value programming exists in this column. How can I do this in ADO.NET? I did this: OleDbCommand cmd = new ...
I m trying to migrate one of my PHP projects to Doctrine. I ve never used it before so there are a few things I don t understand. In my current code, I have a class similar to this: class ...