Express Secure Handlebars 通过提供内容感知 XSS 输出过滤器来增强你的 Web 应用程序的安全性。
示例代码:
var express = require('express'), // The only difference is to replace 'express-handlebars' with our enhanced package. // exphbs = require('express-handlebars'); exphbs = require('express-secure-handlebars'); var app = express(), hbs = exphbs.create({ /* config */ }); app.engine('handlebars', hbs.engine); app.set('view engine', 'handlebars'); app.use('/profile', function (req, res) { res.render('profile', { title: 'User Profile', url: req.query.url // an untrusted user input }); }); app.listen(3000);
