So, I'm am fairly new to NodeJS and any programming in general, and I'm not sure if I'm going about this correctly. I've been practicing things like this since I was 9 or 10 (currently 13). So before I delved into NodeJS anymore, I wanted to make sure I'm using it correctly.
So, after working with PHP for some time. You can simply "echo" something in the document to return data from the server, such as an IP address.
<?php
echo $_SERVER["REMOTE_ADDR"];
?>
This would effectively echo the user's IP wherever the bit of PHP is located in the document - parsed by Apache's module (right?)
What is the con of this? Is there any way to re-create NodeJS syntax with-in a document which is then parsed by the NodeJS HTTP server to get any NodeJS between, lets say <nodejs>script</nodejs>
.
So, in shorter, more understandable terms. Is it technically safe to take NodeJS out of a document before it's displayed - eval that Nodejs script, then remove it and display it.
Although this sounds kinda sketchy. So I'm currently using an alternative method. But I'm not sure if this would technically be safe either.
Right now, in the document, I would have something like <p>Your IP is [*IP*]</p>
, which I use NodeJS's file system module to do something like this:
app.get("/", function(req, res){
res.send(fs.readFileSync(__dirname + "index.html").replace(/\[\*IP\*\]/g, req.connection.remoteAddress));
});
Although, this just seems a little iffy to me. And since I haven't got a lot of experience on the security aspect of web development, I was hoping I could get some insite on how this is safe or unsafe. How would I accomplish this?
Thanks for taking the time to read and help me improve my knowledge on this subject!