security.js
1.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
/**
* 校验input, 防止SQL注入
* @author: 赵彪<bill.zhao@yoho.cn>
* @date: 2015/11/30
*/
var $ = require('jquery'),
tip = require('./tip');
/**
* hasStrangeInput() return true when input have danger value
*
* @param {Bool} needConvert Set if the danger input value should be converted to space
* @return {Bool} true/false If the input have danger value
*/
function hasDangerInput(needConvert) {
var $inputs = $('input[type!=hidden], textarea');
var validationPartten = /['"<>&\|]|--/g,
inputsLength = $inputs.length,
val,
i,
matchChars,
// to set if the input value should be coverted, and its default value is true;
willConvert = needConvert === undefined || typeof needConvert !== 'boolean' ? true : needConvert;
for (i = 0; i < inputsLength; i++) {
val = $inputs.eq(i).val();
if (validationPartten.test(val)) {
if (willConvert) {
$inputs.eq(i).val(val.replace(validationPartten, ' '));
} else {
matchChars = val.match(validationPartten).join(' ');
tip.show('不可以输入 ' + matchChars + ' 哦!');
}
return !willConvert && true;
}
}
return false;
}
exports.hasDangerInput = hasDangerInput;