security.js
/**
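* Validate form inputs to help prevent SQL injection (client-side check only; server-side validation and parameterized queries are still required)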
* @author: 赵彪<bill.zhao@yoho.cn>
* @date: 2015/11/30
*/
var $ = require('jquery'),
tip = require('./tip');
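/**
 * hasDangerInput() scans every visible input and textarea on the page for
 * characters on the deny-list (' " < > & | and the sequence --).
 *
 * Security note: this runs in the browser, so it is a usability aid and not a
 * security boundary. A request can reach the server without ever passing
 * through this code, and a character deny-list cannot cover every dangerous
 * input. The server must still validate input, use parameterized queries
 * against SQL injection, and encode output against XSS.
 *
 * @param {boolean} [needConvert=true] When true (or not a boolean), every
 *     matching character is replaced with a space in place. When false, the
 *     fields are left untouched and the user is shown a tip instead.
 * @return {boolean} true only when needConvert is false and a field holds a
 *     denied character; false otherwise (including after a conversion).
 */
function hasDangerInput(needConvert) {
    // Global flag is needed by match()/replace() to reach every occurrence.
    // RegExp#test is deliberately not used: on a /g regex it keeps state in
    // lastIndex between calls.
    var dangerPattern = /['"<>&\|]|--/g;
    var $inputs = $('input[type!=hidden], textarea');
    // Anything that is not an explicit boolean falls back to convert mode.
    var willConvert = typeof needConvert === 'boolean' ? needConvert : true;
    var i;
    var $input;
    var val;
    var matches;

    for (i = 0; i < $inputs.length; i++) {
        $input = $inputs.eq(i);
        val = $input.val();
        // Only string values can be matched and rewritten safely.
        matches = typeof val === 'string' ? val.match(dangerPattern) : null;
        if (!matches) {
            continue;
        }

        if (!willConvert) {
            // Message reads: "You may not enter <chars>!"
            tip.show('不可以输入 ' + matches.join(' ') + ' 哦!');
            return true;
        }

        // Convert mode: sanitise this field and keep scanning, so that fields
        // after the first offending one are not left unconverted.
        $input.val(val.replace(dangerPattern, ' '));
    }

    return false;
}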
// Expose hasDangerInput on this module's CommonJS exports object.
exports.hasDangerInput = hasDangerInput;