Array Becomes Undefined

I have the weirdest bug right now; I built this function made to remove xss vulnerabilities from the output of my server, and when parsing MongoDB result objects (with subdocuments in the schema), the array properties promptly change from array to undefined. See the code and the trace below:

Code:

function xss(value){
  if(typeof value === "object" && value !== null){
    return xssObjectEscape(value);
  }else if(typeof value === "string"){
    return xssStringEscape(value);
  }
}

function xssStringEscape(text) {
   return text.replace(/&/g, '&amp;').
     replace(/</g, '&lt;').  // it's not necessary to escape >
     replace(/"/g, '&quot;').
     replace(/'/g, '&#039;');
}

function xssObjectEscape(object) {
  for (var prop in object) {
    if(typeof object[prop] === "string"){
      object[prop] = xssStringEscape(object[prop]);
    }else if(Array.isArray(object[prop])){
      console.log("xss Array");
      console.log(`${prop}: ${JSON.stringify(object[prop])}`);
      console.log(object[prop]);
      console.log(typeof object[prop]);
      console.log(object[prop].constructor);
      console.log(object[prop].constructor.name);
      console.log(object[prop].length);
      for(let i = 0 ; i < object[prop].length ; i++){
        object[prop] = xss(object[prop][i]);
      }
    }else if(typeof object[prop] === "object" && object[prop] !== null){
      xssObjectEscape(object[prop]);
    }
  }
  return object;
}

Trace:

xss Array
save: [null,null,null,null]
[ [Function: notify],
  [Function: notify],
  [Function: notify],
  [Function: notify] ]
object
[Function: Array]
Array
4
TypeError: Cannot read property 'length' of undefined
    at xssObjectEscape (/var/www/smq/services/secure/xss.js:30:39)
    at xssObjectEscape (/var/www/smq/services/secure/xss.js:34:7)
    at xssObjectEscape (/var/www/smq/services/secure/xss.js:34:7)
    at xssObjectEscape (/var/www/smq/services/secure/xss.js:34:7)
    at xss (/var/www/smq/services/secure/xss.js:5:12)
    at filter.user.then (/var/www/smq/handlers/session.js:29:21)
    at process._tickCallback (internal/process/next_tick.js:103:7)

Any idea why this may happen?

  for(let i = 0 ; i < object[prop].length ; i++){
    object[prop] = xss(object[prop][i]);
  }

You're overwriting the value of object[prop] with undefined inside your loop. You probably meant to assign to object[prop][i], but instead you're completely overwriting the value at object[prop] with the undefined returned from xss.

The next loop iteration tests the stop condition i < object[prop].length, and raises an exception. All of your logging isn't helping, because you're doing it at the wrong point. You should be inspecting the value of object[prop] after you overwrite it inside your loop.

Note that you should probably just be using map instead of your for loop:

object[prop] = object[prop].map(xss)
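
An added example (not part of the original question or answer): a non-mutating variant of the escaper that returns a value from every branch and uses map for arrays, so an element such as the notify functions in the trace passes through instead of becoming undefined. The names escapeHtml and xssSafe and the sample input are assumptions made for illustration.

```javascript
// Same entity set as the question's xssStringEscape; & is escaped first
// so the entities produced by the later replacements are not re-escaped.
function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// Returns an escaped copy of value and never mutates the input.
function xssSafe(value) {
  if (typeof value === 'string') {
    return escapeHtml(value);
  }
  if (Array.isArray(value)) {
    // map() builds a new array element by element; the array being
    // iterated is never overwritten mid-loop.
    return value.map(xssSafe);
  }
  if (typeof value === 'object' && value !== null) {
    const proto = Object.getPrototypeOf(value);
    if (proto === Object.prototype || proto === null) {
      // Plain object: copy own enumerable properties. Object.fromEntries
      // defines data properties, so a "__proto__" key stays an ordinary key.
      return Object.fromEntries(
        Object.entries(value).map(([key, v]) => [key, xssSafe(v)])
      );
    }
  }
  // Numbers, booleans, null, undefined, functions and class instances
  // (for example Date) are returned unchanged rather than as undefined.
  return value;
}

// Constructed sample input (not from the original post).
const sample = {
  name: '<b>Tom & "Jerry"</b>',
  tags: ['<script>', "it's", 42, null],
  nested: { list: [{ note: '<i>x</i>' }] },
};

console.log(JSON.stringify(xssSafe(sample), null, 2));
```
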
