我正在使用 mongoJS 来处理我的数据库查询。我遇到了字符串包含 HTML 标记的问题,我正在使用正则表达式在集合中搜索我的字符串。如何通过忽略 HTML 标签来搜索文本?
var userInput = $scope.userInput; // value from user input
db.collections.find({'obj': {$regex: new RegExp(userInput) } }).toArray(function(err, result){
return res.json(result);
}
收藏
[{_id:"34aw34d343s4", obj:"How are you?"},
{_id:"34asdfwer343s4", obj:"Are you okay?"},
{_id:"3sDaweqr43s4", obj:"Goodbye, my friend!"},
{_id:"34aw3sdfgds3s4", obj:"Do you know these are <strong>important</strong> items"}]
用户输入
these are
these
these are important
输出
[{_id:"34aw3sdfgds3s4", obj:"Do you know these are <strong>important</strong> items"}]
[{_id:"34aw3sdfgds3s4", obj:"Do you know these are <strong>important</strong> items"}]
[]
预期
[{_id:"34aw3sdfgds3s4", obj:"Do you know these are <strong>important</strong> items"}]
[{_id:"34aw3sdfgds3s4", obj:"Do you know these are <strong>important</strong> items"}]
[{_id:"34aw3sdfgds3s4", obj:"Do you know these are <strong>important</strong> items"}]
最佳答案
你应该 sanitize 进入数据库之前的用户输入。根据我对您系统的了解,用户输入(在插入数据库之前)很可能没有经过清理,您的网站容易受到 XSS attack 的攻击。 .
我建议您使用类似 sanitize-html 的库保护您的网站免受 cross-site scripting 的侵害以及这个问题的答案。
关于javascript - 如何搜索 HTML 标签之间的文本,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46375936/