node.js 上的 Html 注入问题
[英]Html injection problems on node.js
问题描述
Hi i'm trying to inject html code from a String to a view and i'm getting some a error trying to, im stuck:
嗨,我正在尝试将 html 代码从字符串注入到视图中,但尝试时遇到了一些错误,我卡住了:
This is the Code on Node.js route:这是 Node.js 路线上的代码:
router.get('/profile/:page', isLoggedIn, async (req, res) => {
// Get current page from url (request parameter)
let page_id = parseInt(req.params.page);
let currentPage = 0;
if (page_id > 0) currentPage = page_id;
//Change pageUri to your page url without the 'page' query string
pageUri = '/profile/';
/*Get total items*/
await pool.query('SELECT COUNT(id) as totalCount FROM user where user_type="Client"', async (err, result,) => {
// Display 10 items per page
const perPage = 10,
totalCount = result[0].totalCount;
console.log("Estos son los datos",totalCount, currentPage, pageUri, perPage);
// Instantiate Pagination class
const Paginate = new Pagination(totalCount, currentPage, pageUri, perPage);
/*Query items*/
const data = {
users: await pool.query('SELECT * FROM user where user_type="Client" LIMIT ' + 10 + ' OFFSET ' + Paginate.offset),
pages: Paginate.links()// Paginate.lins()->return a variable with all html
}
res.render('profile', { data });
});
});
This is Links() function这是链接() function
class Pagination{
constructor(totalCount,currentPage,pageUri,perPage=2){
this.perPage = perPage;
this.totalCount =parseInt(totalCount);
this.currentPage = parseInt(currentPage);
this.previousPage = this.currentPage - 1;
this.nextPage = this.currentPage + 1;
this.pageCount = Math.ceil(this.totalCount / this.perPage);
this.pageUri = pageUri;
this.offset = this.currentPage > 1 ? this.previousPage * this.perPage : 0;
this.sidePages = 4;
this.pages = false;
}
links(){
this.pages='<ul class="pagination pagination-md">';
if(this.previousPage > 0)
this.pages+='<li class="page-item"><a class="page-link" href="'+this.pageUri + this.previousPage+'">Previous</a></li>';
/*Add back links*/
if(this.currentPage > 1){
for (var x = this.currentPage - this.sidePages; x < this.currentPage; x++) {
if(x > 0)
this.pages+='<li class="page-item"><a class="page-link" href="'+this.pageUri+x+'">'+x+'</a></li>';
}
}
/*Show current page*/
this.pages+='<li class="page-item active"><a class="page-link" href="'+this.pageUri+this.currentPage+'">'+this.currentPage+'</a></li>';
/*Add more links*/
for(x = this.nextPage; x <= this.pageCount; x++){
this.pages+='<li class="page-item"><a class="page-link" href="'+this.pageUri+x+'">'+x+' </a></li>';
if(x >= this.currentPage + this.sidePages)
break;
}
/*Display next buttton navigation*/
if(this.currentPage + 1 <= this.pageCount)
this.pages+='<li class="page-item"><a class="page-link" href="'+this.pageUri+this.nextPage+'">Next</a></li>';
this.pages+='</ul>';
return this.pages;
}
}
module.exports = Pagination;
In the HTML:在 HTML 中:
<div id="pages">
{{ data.pages }}
</div>
Finally I am getting an error in my browser which does not allow the html that I send from the path to read correctly.最后,我的浏览器出现错误,不允许我从路径发送的 html 正确读取。 PLZZ HELP ME.请帮助我。 IM STUCK我卡住了
This is pool: const pool = require('../database');这是池: const pool = require('../database');
And this is database.js:这是 database.js:
const mysql = require('mysql');
const { promisify } = require ('util');
const { database } = require('./keys');
const pool= mysql.createPool(database);
pool.getConnection((err, connection)=>{
if(err){
if(err.code === 'PROTOCOL_CONNECTION_LOST'){
console.error('DATABASE CONNECTION WAS CLOSED');
}
if(err.code === 'ER_CON_COUNT_ERROR'){
console.error('DATABASE HAS TO MANY CONNECTIONS');
}
if(err.code === 'ECONNREFUSED'){
console.error('DATABASE CONNECTION WAS REFUSED');
}
}
if (connection) connection.release();
console.log('DB is CONNECTED');
return;
});
//Promisify Pool Querys
pool.query = promisify(pool.query);
module.exports = pool;
Also the browser detect only text, not code.浏览器也只检测文本,不检测代码。
View Source in the browser enter image description here在浏览器中查看源 在此处输入图像描述
Which exact database library are you using?您正在使用哪个确切的数据库库? require('mysql')要求('mysql')
And, what exactly is the error in your browser?而且,您的浏览器中的错误究竟是什么?
1 个解决方案
解决方案1
0 已采纳 2021-02-09 05:09:23
Your template engine by default escapes any text that you insert into the page so it will be rendered as text and not accidentally interpreted as HTML.默认情况下,您的模板引擎会转义您插入页面的任何文本,以便将其呈现为文本,而不会意外地解释为 HTML。 This is why the HTML you inject is displaying as plain text.这就是您注入的 HTML 显示为纯文本的原因。
If you want to inject actual HTML, then you have to tell the template engine that you don't want it to escape this particular insertion.如果你想注入实际的 HTML,那么你必须告诉模板引擎你不希望它逃避这个特定的插入。 When you tell us what template engine you're using, we can help you with how you do that.当您告诉我们您正在使用什么模板引擎时,我们可以帮助您了解如何做到这一点。
To stop Handlebars from escaping your HTML, just use triple braces like this:要从 escaping 您的 HTML 中停止 Handlebars,只需像这样使用三重大括号:
<div id="pages">
{{{ data.pages }}}
</div>
Here's the relevant doc page that describes it.这是描述它的相关文档页面。
Also, await does not work with pool.query() in either of the places you're using it because the mysql module does not support promises and thus await on something other than a promise does nothing useful.此外, await在您使用它的任何一个地方都不能与pool.query()一起使用,因为 mysql 模块不支持承诺,因此在 promise 以外的其他东西上await没有任何用处。 You can use the mysql2 module as in require('mysql2/promise') to get built-in promise support with mysql2.您可以像require('mysql2/promise')中那样使用 mysql2 模块来获得对 mysql2 的内置 promise 支持。 Then, don't pass a callback and just use the returned promise.然后,不要传递回调,只需使用返回的 promise。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.