express-secure-handlebars 介绍
Express Secure Handlebars 通过提供内容感知 XSS 输出过滤器来增强你的 Web 应用程序的安全性。
示例代码:
var express = require('express'),
// The only difference is to replace 'express-handlebars' with our enhanced package.
// exphbs = require('express-handlebars');
exphbs = require('express-secure-handlebars');
var app = express(),
hbs = exphbs.create({ /* config */ });
app.engine('handlebars', hbs.engine);
app.set('view engine', 'handlebars');
app.use('/profile', function (req, res) {
res.render('profile', {
title: 'User Profile',
url: req.query.url // an untrusted user input
});
});
app.listen(3000);