dovgqc2648 2014-11-19 22:32
浏览 56
已采纳

内部文档数据替换为NodeJS

So, I'm am fairly new to NodeJS and any programming in general, and I'm not sure if I'm going about this correctly. I've been practicing things like this since I was 9 or 10 (currently 13). So before I delved into NodeJS anymore, I wanted to make sure I'm using it correctly.

So, after working with PHP for some time. You can simply "echo" something in the document to return data from the server, such as an IP address.

<?php
  echo $_SERVER["REMOTE_ADDR"];
?>

This would effectively echo the user's IP wherever the bit of PHP is located in the document - parsed by Apache's module (right?)

What is the con of this? Is there any way to re-create NodeJS syntax with-in a document which is then parsed by the NodeJS HTTP server to get any NodeJS between, lets say <nodejs>script</nodejs>.

So, in shorter, more understandable terms. Is it technically safe to take NodeJS out of a document before it's displayed - eval that Nodejs script, then remove it and display it.

Although this sounds kinda sketchy. So I'm currently using an alternative method. But I'm not sure if this would technically be safe either.

Right now, in the document, I would have something like <p>Your IP is [*IP*]</p>, which I use NodeJS's file system module to do something like this:

app.get("/", function(req, res){
  res.send(fs.readFileSync(__dirname + "index.html").replace(/\[\*IP\*\]/g, req.connection.remoteAddress));
});

Although, this just seems a little iffy to me. And since I haven't got a lot of experience on the security aspect of web development, I was hoping I could get some insite on how this is safe or unsafe. How would I accomplish this?

Thanks for taking the time to read and help me improve my knowledge on this subject!

  • 写回答

1条回答 默认 最新

  • douhe4608 2014-11-29 12:54
    关注

    I don't think it's a question of security or something like that, but a question of how Node.js works compared to PHP.

    PHP is basically, as you wrote correctly, file based. So you create a text file with the extension .php, put your HTML markup and maybe some logic (like printing the ip address) in it and that's it. The rest is done by the web server, mainly Apache, which sends each request to a .php-file through "the PHP engine" which interprets your code and renders the result to the client (which in your case is your browser).

    Node.js does not work that way. Instead of looking for a file which is then interpreted and returned, the most common (not the only) way is to use a "middleware" which is processing the request.

    First it looks after an "endpoint" for each request. Broadly speaking you can register a function for each route, as you did in your example code for the route "/" (could also be ("/what-is-my-ip").

    That function is your "controller action" which could perform some business logic, as fetching the ip address.

    After finishing that, it passes the result to a view engine or simply returns a simple view trough that engine.

    A view is basically what your .php would be, but it does not contain any logic, which is the main difference to PHP.

    It's mainly working after the Model View Controller pattern.

    Some view engines:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 这个电路是如何实现路灯控制器的,原理是什么,怎么求解灯亮起后熄灭的时间如图?
  • ¥15 matlab数字图像处理频率域滤波
  • ¥15 在abaqus做了二维正交切削模型,给刀具添加了超声振动条件后输出切削力为什么比普通切削增大这么多
  • ¥15 ELGamal和paillier计算效率谁快?
  • ¥15 file converter 转换格式失败 报错 Error marking filters as finished,如何解决?
  • ¥15 ubuntu系统下挂载磁盘上执行./提示权限不够
  • ¥15 Arcgis相交分析无法绘制一个或多个图形
  • ¥15 关于#r语言#的问题:差异分析前数据准备,报错Error in data[, sampleName1] : subscript out of bounds请问怎么解决呀以下是全部代码:
  • ¥15 seatunnel-web使用SQL组件时候后台报错,无法找到表格
  • ¥15 fpga自动售货机数码管(相关搜索:数字时钟)