New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

请求参数多余空格 #1139

Closed
Evaim opened this Issue Apr 25, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@Evaim

Evaim commented Apr 25, 2018

DESC

请求参数同名时,如果请求参数值为字符"<"、"<=",">",">=","="时则解析到的参数数组第一个元素会多加一个空格,

ENV

OS Platform: mac

Node.js Version: v8.9.1

ThinkJS Version:3.2.7

code

<input name="paramTest" value="<">
<input name="paramTest" value="<">
<input name="paramTest" value="<">
<input name="paramTest2" value="&gt;">
<input name="paramTest2" value="&gt;">
<input name="paramTest2" value="&gt;">

后台拿到的参数的第一个元素有多余空格

paramTest: [ '< ', '<', '<' ],
paramTest2: [ '> ', '>', '>' ],

如果换成普通值,则是正常的,如:

<input name="paramTest" value="value">
<input name="paramTest" value="value">
<input name="paramTest" value="value">
  paramTest: [ 'value', 'value', 'value' ],

@lushijie lushijie self-assigned this Apr 25, 2018

@lushijie

This comment has been minimized.

Member

lushijie commented Apr 25, 2018

这是数据库安全策略特意处理的。
如果确认 paramTest 数据不会使用在数据库的sql语句中,可以在logic进行一次逆转化。代码如下:

// src/logic/test.js
indexAction(){
    let rules = {
      paramTest: {
        required: true,
        array: true,
        children: {
          trim: true,
        },
      }
    };

    if(!this.validate(rules,{})) {
      return this.fail(this.validateErrors);
    }
  }

在这之后获取就是正常的啦!

@Evaim

This comment has been minimized.

Evaim commented Apr 25, 2018

好的,谢谢

@lushijie lushijie closed this Apr 25, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment