Page 627 - Nodejs 교과서 개정2판 (Node.js Textbook, revised 2nd edition)
$ npm i csurf
XSS is an attack in which a malicious user injects a script into the site. When a malicious user uploads a post or comment containing a tag with JavaScript in it, that script runs whenever another user later views the post or comment, causing behaviour nobody expected. The server should therefore check whether a post contains a script when a user uploads it and remove the script if it does. Since attack scripts come in many forms, it is best to get help from a library.
Usage is simple.
const sanitizeHtml = require('sanitize-html');
const html = "<script>location.href = 'https://gilbut.co.kr'</script>";
console.log(sanitizeHtml(html)); // ''
Wrapping the HTML a user uploaded in the sanitize-html function removes any tags and scripts that are not allowed. Options describing what to allow can be passed as the second argument; see the official documentation for the list of options.
CSRF is an attack that makes a user perform an action the attacker intended without the user intending it. For example, it can cause the user to be logged out automatically or to have a post written simply by visiting a particular page. On a site such as a bank it can even trigger a transfer of money to another person, so depending on the situation it can be abused badly.
To block this attack, the server must confirm that an action attributed to me was really performed by me. CSRF tokens are used for this, and the csurf package helps you issue and verify such tokens easily.
The code below is an example taken from the official documentation. The GET /form router renders the form, and the POST /form router handles the data sent from that form.
const express = require('express');
const cookieParser = require('cookie-parser');
const csrf = require('csurf');

const app = express();
app.use(cookieParser());                          // cookie: true stores the secret in a cookie, so cookie-parser must run first
app.use(express.urlencoded({ extended: false })); // the form's hidden _csrf field is read from the parsed body
const csrfProtection = csrf({ cookie: true });
app.get('/form', csrfProtection, (req, res) => {
  res.render('csrf', { csrfToken: req.csrfToken() }); // the csrf view (configured elsewhere) places csrfToken in a hidden input
});
app.post('/form', csrfProtection, (req, res) => {
  res.send('ok'); // only reached when the submitted token matches the cookie's secret
});