diff --git a/History.md b/History.md new file mode 100644 index 0000000..4d2be33 --- /dev/null +++ b/History.md @@ -0,0 +1,2 @@ +# 项目改动历史 +1. diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 0000000..669b61d --- /dev/null +++ b/INSTALL.md @@ -0,0 +1,3 @@ +# 模块安装说明 + +1. diff --git a/package.json b/package.json index f745908..65ef21e 100644 --- a/package.json +++ b/package.json @@ -6,8 +6,8 @@ "author": "debugcode", "license": "ISC", "scripts": { - "api": "cross-env NODE_ENV=development PORT=10091 nodemon --watch src --ignore src/web.server.js --ignore 'src/assets/uploaded/*' src/api.server.js", - "web": "cross-env NODE_ENV=development PORT=10092 nodemon --watch src --ignore src/api.server.js --ignore 'src/assets/uploaded/*' src/web.server.js", + "web": "cross-env NODE_ENV=development PORT=10091 nodemon --watch src --ignore src/api.server.js --ignore 'src/assets/uploaded/*' src/web.server.js", + "api": "cross-env NODE_ENV=development PORT=10092 nodemon --watch src --ignore src/web.server.js --ignore 'src/assets/uploaded/*' src/api.server.js", "pm2-dev": "pm2 startOrRestart ecosystem.config.js --only 'web-development, api-development' --env development", "pm2-test": "pm2 startOrRestart ecosystem.config.js --only 'web-test, api-test' --env test", "pm2": "pm2 startOrRestart ecosystem.config.js --only 'web-production, api-production' --env production", diff --git a/src/middleware/ctx-catch/index.js b/src/middleware/ctx-catch/index.js index af6d26d..988429e 100644 --- a/src/middleware/ctx-catch/index.js +++ b/src/middleware/ctx-catch/index.js @@ -7,7 +7,6 @@ module.exports = () => { try { await next(); } catch (error) { - console.error(error); ctx.restError('Oh~Oh~Oh!!!! Find An Error Inner Api'); } }; diff --git a/src/router/api/api.test.js b/src/router/api/api.test.js index 011abee..18ada02 100644 --- a/src/router/api/api.test.js +++ b/src/router/api/api.test.js 
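Review bot: Swapping the ports between the `web` and `api` scripts (web now 10091, api now 10092) is not mirrored anywhere else in this diff — the `pm2-dev`/`pm2-test`/`pm2` scripts still defer to `ecosystem.config.js`, which is not touched here, so the nodemon dev setup and the pm2 setup may now disagree on which port serves which server. Anything already pointing at 10091 for the API (a proxy rule, a frontend base URL, a firewall allow-list) would silently reach the web server instead. If the swap is deliberate, a one-line note in the new `History.md` naming the new assignment, e.g. `1. swapped dev ports: web=10091, api=10092 (check ecosystem.config.js)`, would save the next person a confused debugging session.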
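Review bot: Dropping `console.error(error)` leaves the `catch` with no record of the failure at all — the client still gets the fixed `'Oh~Oh~Oh!!!! Find An Error Inner Api'` text (good, nothing about the exception leaks), but the stack trace that an operator needs to investigate or to notice an attack pattern is now thrown away. Route the error to Koa's standard error channel instead of discarding it, e.g. `ctx.app.emit('error', error, ctx);` before the `ctx.restError(...)` call, so whatever `app.on('error', ...)` handler or logger the project wires up sees it. The enclosing middleware function starts outside this hunk.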
@@ -89,5 +89,22 @@ const PetMongo = require('../../model/pet.mongo'); }); } +// xss +{ + router.post('/test/xss/v:id', async (ctx, next) => { + const query = ctx.query; + const body = ctx.request.body; + const params = ctx.params; + + await PetMongo.create({ + name: query.name, + namenick: query.namenick, + email: body.email, + password: body.password + }); + + ctx.json({ query, body, params }); + }); +} module.exports = router; diff --git a/src/router/web/web.home.js b/src/router/web/web.home.js index d8523eb..f0a2113 100644 --- a/src/router/web/web.home.js +++ b/src/router/web/web.home.js @@ -1,14 +1,17 @@ const Router = require('koa-router'); - const router = new Router(); +const PetMongo = require('../../model/pet.mongo'); router.get('/', async (ctx, next) => { try { ctx.state.where = { is: 'adc', }; + let pet = await PetMongo.findById("63333c8adb7ec2fc2de2e0e8"); await ctx.render('index.html', { - test: { time: new Date().getTime() }, + test: { time: new Date().getTime(), password: pet.password }, + password: pet.password, + axss_link: "javascript:alert(456)" }); } catch (e) { ctx.response.body = e.message; diff --git a/src/view/index.html b/src/view/index.html index d4cb85b..0da3f81 100644 --- a/src/view/index.html +++ b/src/view/index.html @@ -12,7 +12,15 @@
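Review bot: The new `/test/xss/v:id` handler writes `query.name`, `query.namenick`, `body.email` and `body.password` straight from the request into `PetMongo.create` with no type or length check, and then echoes the whole `body` — password included — back in the JSON response. Whether the model hashes `password` before storing it is not visible here; as written the route looks like a plaintext credential sink, and with a JSON body parser `body.email` may be an object rather than a string, which Mongoose will still try to cast. Since the `// xss` label suggests this is a deliberate demo fixture, at minimum keep it out of non-development environments and stop reflecting the secret: `if (process.env.NODE_ENV !== 'development') ctx.throw(404);` at the top of the handler and `ctx.json({ query, body: { email: body.email }, params });` for the response. The unused `next` parameter can also be dropped.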
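Review bot: `pet.password` is read from a hard-coded document id and handed to the home-page template twice (`test.password` and `password`), so every unauthenticated visitor to `/` is served a stored password; together with `axss_link: "javascript:alert(456)"` — a `javascript:` URL that template auto-escaping does not neutralize when used as an `href` — this reads as an intentional XSS demo, but nothing gates it to a demo environment. There is also a crash path: `findById` resolves to `null` when that id does not exist, `pet.password` then throws a TypeError, and the surrounding `catch` (context lines here) writes `e.message` into the response body, leaking internal error text. Add `if (!pet) ctx.throw(404);` after the `findById` call, prefer `const pet` over `let pet` since it is never reassigned, and gate the password/`axss_link` values behind `process.env.NODE_ENV === 'development'` (or remove them) before this reaches anything other than a lab deployment.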

{{where.is}}

hello world

{{test.time}}

+
+

XSS

+

{{test|dump}}

+

{{axss}}

+ link + +

{{password}}

+
聊天室
聊天室2