paramsFilter

 'use strict';
 const model = require('../models/feature');
+const _ = require('lodash');
+const stringProcess = require('../../../utils/string-process');
 
 exports.index = function(req, res, next) {
     model.index({
         code: req.params.code,
-        type: req.query.type
+        type: stringProcess.paramsFilter(req.query.type)
     }).then((result) => {
         if (!result) {
             return next();
         }
-        let title = req.query.title || result.name || '专题活动';
+        let title = stringProcess.paramsFilter(req.query.title) || result.name || '专题活动';
+        let shareId = _.parseInt(stringProcess.paramsFilter(req.query.share_id));
 
         // 唤起 APP 的路径
-        res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.h5","params":{"param":{"share_id":"${req.query.share_id}","title":"${title}"},"share":"/operations/api/v5/webshare/getShare","shareparam":{"share_id":"${req.query.share_id}"},"title":"${title}","url":"https://activity.yoho.cn/feature/${req.params.code}.html"}}`;
+        res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.h5","params":{"param":{"share_id":"${shareId}","title":"${title}"},"share":"/operations/api/v5/webshare/getShare","shareparam":{"share_id":"${shareId}"},"title":"${title}","url":"https://activity.yoho.cn/feature/${req.params.code}.html"}}`;
 
         res.render('feature/index', {
             module: 'activity',

@@ -13,6 +13,7 @@ const _ = require('lodash');
 const helpers = global.yoho.helpers;
 const crypto = global.yoho.crypto;
 const productProcess = require(`${utils}/product-process`);
+const stringProcess = require(`${utils}/string-process`);
 const shopPrcs = require(`${utils}/shop-process`);
 const co = require('bluebird').coroutine;
 
@@ -22,9 +23,10 @@ const shop = {
      * 店铺统一入口
      */
     entry(req, res, next) {
+        const shopId = _.parseInt(stringProcess.paramsFilter(req.query.shop_id));
+        const brandId = _.parseInt(stringProcess.paramsFilter(req.query.brand_id));
+
         const {
-            shop_id: shopId,
-            brand_id: brandId,
             domain
         } = req.query;
         const uid = req.user.uid;
@@ -255,7 +257,7 @@ const shop = {
      */
     list(req, res, next) {
         co(function* () {
-            let shopId = req.query.shop_id || req.shopInfo.shops_id;
+            let shopId = _.parseInt(stringProcess.paramsFilter(req.query.shop_id)) || req.shopInfo.shops_id;
             let shopInfo = req.shopInfo || {};
             let title = shopInfo.shop_name || '店铺商品列表';
             let searchParam = {

@@ -13,6 +13,24 @@ const isNumeric = (str) => {
     return /^\d+(\.\d+)?$/.test(str);
 };
 
+/**
+ * 参数过滤
+ * @param {*} param 
+ */
+const paramsFilter = (param) => {
+    if (param) {
+        param = decodeURIComponent(param);
+        return param.replace('<', '')
+            .replace('>', '')
+            .replace('"', '')
+            .replace('\'', '')
+            .replace(' ', '');
+    } else {
+        return param;
+    }
+};
+
 module.exports = {
-    isNumeric
+    isNumeric,
+    paramsFilter
 };