<legend id='4xHpf'><style id='4xHpf'><dir id='4xHpf'><q id='4xHpf'></q></dir></style></legend>

    1. <tfoot id='4xHpf'></tfoot>
        <bdo id='4xHpf'></bdo><ul id='4xHpf'></ul>
      <i id='4xHpf'><tr id='4xHpf'><dt id='4xHpf'><q id='4xHpf'><span id='4xHpf'><b id='4xHpf'><form id='4xHpf'><ins id='4xHpf'></ins><ul id='4xHpf'></ul><sub id='4xHpf'></sub></form><legend id='4xHpf'></legend><bdo id='4xHpf'><pre id='4xHpf'><center id='4xHpf'></center></pre></bdo></b><th id='4xHpf'></th></span></q></dt></tr></i><div id='4xHpf'><tfoot id='4xHpf'></tfoot><dl id='4xHpf'><fieldset id='4xHpf'></fieldset></dl></div>

      <small id='4xHpf'></small><noframes id='4xHpf'>

      1. 在 sequelize.js 中使用 build 方法时是否需要验证、清理或转义数据

        Do I need to validate, sanitise or escape data when using the build method in sequelize.js(在 sequelize.js 中使用 build 方法时是否需要验证、清理或转义数据)
        <i id='MkV6n'><tr id='MkV6n'><dt id='MkV6n'><q id='MkV6n'><span id='MkV6n'><b id='MkV6n'><form id='MkV6n'><ins id='MkV6n'></ins><ul id='MkV6n'></ul><sub id='MkV6n'></sub></form><legend id='MkV6n'></legend><bdo id='MkV6n'><pre id='MkV6n'><center id='MkV6n'></center></pre></bdo></b><th id='MkV6n'></th></span></q></dt></tr></i><div id='MkV6n'><tfoot id='MkV6n'></tfoot><dl id='MkV6n'><fieldset id='MkV6n'></fieldset></dl></div>
        <legend id='MkV6n'><style id='MkV6n'><dir id='MkV6n'><q id='MkV6n'></q></dir></style></legend>
        • <bdo id='MkV6n'></bdo><ul id='MkV6n'></ul>

                <tbody id='MkV6n'></tbody>
              1. <small id='MkV6n'></small><noframes id='MkV6n'>

                  <tfoot id='MkV6n'></tfoot>
                1. 本文介绍了在 sequelize.js 中使用 build 方法时是否需要验证、清理或转义数据的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  我有一个 node/express/sequelize 应用程序.我正在使用 sequelize 中的 build 方法来创建我的 foo 模型的实例.

                  I have a node / express / sequelize app. I am using the build method in sequelize to create an instances of my foo model.

                  Foo 控制器

                   exports.create = function(req, res) {
                       var foo = db.Foo.build(req.body);
                       foo.save().then(function(){
                           // do stuff
                       });
                   }
                  

                  Foo 模型

                  module.exports = function(sequelize, DataTypes) {
                  
                  var Foo = sequelize.define('Foo', 
                  {
                    bar: DataTypes.STRING,
                    baz: DataTypes.STRING
                  }
                  

                  构建方法是否会检查我保存的数据是否干净,或者我是否需要在这里采取一些额外的预防措施?

                  Does the build method check that the data I am saving is clean or do I need to take some extra precautions here?

                  推荐答案

                  我更喜欢在路由中做二次验证,因为:

                  I prefer to make secondary validation in routes, because:

                  1) 将数据存储在数据库中是您可以使用这些数据执行的众多操作之一.如果您仅在数据库中验证,那么在其他地方您将获得未验证的数据.例如,在将其保存到数据库之前,您可能需要进行一些计算或连接.

                  1) Storing data in a database is one of many things you can do with this data. If you only validate in database then in other places you get not validated data. For example you may need some computation or concatenation before saving it in a database.

                  2) 或者当您在多条路线中使用一种 sequelize 模型(例如,客户路线和合作伙伴路线中的用户模型)并且您想要制定不同的验证规则时.

                  2) or when you use one sequelize model in many routes (e.g. User model in customer route and partner route) and you want to make different validation rules.

                  我总是在 sequelize 模型中设置验证,但这是使用最大允许条件"进行验证(例如,用户名字段永远不会大于 200 个字符并且它是字符串).我也进行路由验证.它更加具体和具体(例如,在客户路线中,用户名最大为 100,但在合作伙伴路线中,用户名可能有 150 个字符,并且还检查此字符串的内容).

                  I always set validation in sequelize models, but this is validation with 'maximum allowable conditions' (e.g. username field never be larger then 200 chars and it is string). I make also routes validation. It is more specific and concrete (e.g. in customer route username max large is 100 but in partner route username may have 150 chars and also check content of this string).

                  最后,严格回答您的问题:sequelize 验证主要用于验证格式.这还不够.看看我的回答 NodeJS/express - 公共 API 端点的安全性如果您在没有正确验证的情况下保存数据然后提供此数据,那么您将面临 XSS 攻击.

                  And finally, the strict answer for your question: sequelize validation is mostly for validating format. And this is not enough. Look at my answer NodeJS/express - security for public API endpoint if you save data without correct validation and then serve this data then you are exposed to XSS attack.

                  这篇关于在 sequelize.js 中使用 build 方法时是否需要验证、清理或转义数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

                  相关文档推荐

                  Pause youtube video, youtube api(暂停 youtube 视频,youtube api)
                  Youtube iframe api not triggering onYouTubeIframeAPIReady(Youtube iframe api 未触发 onYouTubeIframeAPIReady)
                  How can I stop a video with Javascript in Youtube?(如何在 Youtube 中停止使用 Javascript 的视频?)
                  How to call Greasemonkey#39;s GM_ functions from code that must run in the target page scope?(如何从必须在目标页面范围内运行的代码中调用 Greasemonkey 的 GM_ 函数?)
                  How do you mute an embedded Youtube player?(如何使嵌入式 Youtube 播放器静音?)
                  How to get number of video views with YouTube API?(如何使用 YouTube API 获取视频观看次数?)
                  <i id='Vy1pz'><tr id='Vy1pz'><dt id='Vy1pz'><q id='Vy1pz'><span id='Vy1pz'><b id='Vy1pz'><form id='Vy1pz'><ins id='Vy1pz'></ins><ul id='Vy1pz'></ul><sub id='Vy1pz'></sub></form><legend id='Vy1pz'></legend><bdo id='Vy1pz'><pre id='Vy1pz'><center id='Vy1pz'></center></pre></bdo></b><th id='Vy1pz'></th></span></q></dt></tr></i><div id='Vy1pz'><tfoot id='Vy1pz'></tfoot><dl id='Vy1pz'><fieldset id='Vy1pz'></fieldset></dl></div>

                    <bdo id='Vy1pz'></bdo><ul id='Vy1pz'></ul>

                              <tbody id='Vy1pz'></tbody>
                          • <tfoot id='Vy1pz'></tfoot>

                            <legend id='Vy1pz'><style id='Vy1pz'><dir id='Vy1pz'><q id='Vy1pz'></q></dir></style></legend>

                            <small id='Vy1pz'></small><noframes id='Vy1pz'>