“This is the 15th day of my participation in the Gwen Challenge in November. Check out the details: The Last Gwen Challenge in 2021.”
This article is part of the KOA dependency series, the first few of which can also be viewed on the site:
- Koa depends on the library parseURL
- Koa relies on the libraries Type-is and Content-Disposition
- The Koa dependent libraries accept, Content-Type, and cache-Content-Type
Take a look at two string-related libraries, both of which in Koa are only used within the redirect function in Response.
Encodeurl is used to set Location in redirect. When redirecting, the Response header contains Location property and the value is a Url, which is encoded by encodeURL library in KOA. Encodeurl:
var ENCODE_CHARS_REGEXP = /(? :[^\x21\x25\x26-\x3B\x3D\x3F-\x5B\x5D\x5F\x61-\x7A\x7E]|%(? :[^0-9A-Fa-f]|[0-9A-Fa-f][^0-9A-Fa-f]|$))+/g var UNMATCHED_SURROGATE_PAIR_REGEXP = /(^|[^\uD800-\uDBFF])[\uDC00-\uDFFF]|[\uD800-\uDBFF]([^\uDC00-\uDFFF]|$)/g var UNMATCHED_SURROGATE_PAIR_REPLACE = '$1\uFFFD$2' function encodeUrl (url) { return String(url) .replace(UNMATCHED_SURROGATE_PAIR_REGEXP, UNMATCHED_SURROGATE_PAIR_REPLACE) .replace(ENCODE_CHARS_REGEXP, encodeURI) }Copy the code
As you can see, encodeURL has very little code, and encodeURI is still called, but some processing is done before calling, so that the encoded data will not be repeatedly encoded. For example:
The original URL http://localhost:3001/te st contains a space, which needs to be encoded. The URL after encode becomes http://localhost:3001/te%20st, and the space is encoded as %20. If the new URL is encoded again, the percent sign will be encoded as %25, and the encoding result will be http://localhost:3001/te%2520st. The native encodeURI method will only encode each character of the string passed in one by one. It does not determine whether it has been coded once. The logic in encodeURI is reasonable as a general method, but in KOA urls that have already been encoded in this scenario should not be encoded again, so the logic in EncodeURL is used here.
The escape- HTML library, as its name suggests, is a tool for filtering HTML strings. To prevent XSS, escape is used for all data received from the user side in the browser, which is also used in KOA. In the redirect logic there is this code:
if (this.ctx.accepts('html')) {
url = escape(url)
this.type = 'text/html; charset=utf-8'
this.body = `Redirecting to <a href="${url}">${url}</a>.`
return
}
Copy the code
Here, if the browser can receive HTML, KOA will add an A tag to the body, which will render the INFORMATION from the URL to the page through the A tag. Since the URL information may contain special HTML strings, this is done in escape HTML. The source code is as follows:
var matchHtmlRegExp = /["'&<>]/ function escapeHtml (string) { var str = '' + string var match = matchHtmlRegExp.exec(str) if (! match) { return str } var escape var html = '' var index = 0 var lastIndex = 0 for (index = match.index; index < str.length; index++) { switch (str.charCodeAt(index)) { case 34: // " escape = '" ' break case 38: // & escape = '& ' break case 39: // ' escape = '' ' break case 60: // < escape = '< ' break case 62: // > escape = '> ' break default: continue } if (lastIndex ! == index) { html += str.substring(lastIndex, index) } lastIndex = index + 1 html += escape } return lastIndex ! == index ? html + str.substring(lastIndex, index) : html }Copy the code
The code logic itself is not complicated, here the matching expression is /[“‘&<>]/, replace the corresponding five special characters with a safe character encoding.
The above is two strings related library source, this content is very little, you can see that string processing can not leave the flexible application of regular expression, in the previous header related library can also see a lot of related practice.