问题描述

我正在尝试清理猫鼬中的用户输入.我虽然使用猫鼬中间件会有所帮助，但似乎我错了或者做错了.

I am trying to sanitize user input in mongoose. I though that using mongoose middleware would help, but it seems that I am either wrong or I am doing something wrong.

我尝试使用Mongoose中间件(而不是Express中间件)的原因是我有一个可以包含嵌套文档的文档-但是，该嵌套文档也可以是独立文档.我正在尝试为文档创建一个单一事实点"，以便只能在一个地方进行消毒.

The reason I am trying to use Mongoose middleware (and not Express middleware) is that I have a document that can have a nested document - however, that nested document can be a standalone document as well. I am trying to create a "single point of truth" for my documents so that I can sanitize only in one place.

以下代码似乎无效:

Organization.pre("validate", function (next) {
  this.subdomain = this.trim().toLowerCase();
  next();
});

PS.我也在使用mongoose-validator，后者又使用node-validator来验证用户输入-节点验证器也有一些清理方法，也许我应该以某种方式使用它们?

PS. I am also using mongoose-validator, which in turn uses node-validator to validate the user input - node validator also has some sanitize methods, maybe I should use them somehow?

推荐答案

在这种情况下，我认为最好添加 trim: true 到subdomain的Organization模式定义:

In this case I think it would be better to add trim: true to the Organization schema definition for subdomain:

subdomain: { type: String, trim: true }

这篇关于如何清理猫鼬中的用户输入?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！