sanitize, helmet 미들웨어를 이용하여 campground / review 생성 시에 HTML 태그가 입력되지 않도록 방지했다.
👇코드 보러가기
https://github.com/Sara-Jo/BeWild/tree/9ff17a5725201143f7ac2ca0f28e26e5c5d58c97
campground나 review 작성 시에 HTML 태그를 포함하면 경고 메시지를 표시하도록 했다.
[schemas.js]
const BaseJoi = require("joi");
const sanitizeHtml = require("sanitize-html");
// Joi extension that adds an `escapeHTML()` rule to string schemas so that
// user-supplied text containing HTML markup fails validation.
//
// The rule is reject-only: a value is returned only when it is identical to
// its sanitized form, so nothing is silently rewritten.
// NOTE(review): sanitize-html also entity-escapes characters such as `&` in
// plain text, so input containing them presumably differs from its cleaned
// form and is rejected as well; confirm that this is intended.
// NOTE(review): this is input validation only; values should still be
// output-encoded wherever they are rendered.
const extension = (joi) => {
  const ruleCode = 'string.escapeHTML';

  return {
    type: 'string',
    base: joi.string(),
    messages: {
      [ruleCode]: '{{#label}} must not include HTML!',
    },
    rules: {
      escapeHTML: {
        validate(value, helpers) {
          // No tags and no attributes allowed: all markup is stripped.
          const stripped = sanitizeHtml(value, {
            allowedTags: [],
            allowedAttributes: {},
          });

          // Unchanged by sanitizing means no markup was present: accept.
          if (stripped === value) {
            return stripped;
          }
          return helpers.error(ruleCode, { value });
        },
      },
    },
  };
};
// Joi instance used by the schemas below: the base library plus the custom
// string extension, which makes `.escapeHTML()` available on string schemas.
const Joi = BaseJoi.extend(extension);
// Schema for a campground request body. Every free-text field goes through
// `escapeHTML()` so that HTML markup is rejected; `price` must be a
// non-negative number.
const campgroundFields = {
  title: Joi.string().required().escapeHTML(),
  price: Joi.number().required().min(0),
  location: Joi.string().required().escapeHTML(),
  description: Joi.string().required().escapeHTML(),
};

module.exports.campgroundSchema = Joi.object({
  campground: Joi.object(campgroundFields).required(),
  // NOTE(review): the array items are not constrained here, so any element
  // type is accepted; if these are image identifiers, consider restricting
  // them, e.g. `Joi.array().items(Joi.string())`. Verify against the caller.
  deleteImages: Joi.array(),
});
// Schema for a review request body: `body` is required text that must not
// contain HTML markup, and `rating` is a required number from 1 to 5.
const reviewFields = {
  body: Joi.string().required().escapeHTML(),
  rating: Joi.number().required().min(1).max(5),
};

module.exports.reviewSchema = Joi.object({
  review: Joi.object(reviewFields).required(),
});
[error.ejs]