JavaScript NoSQL Injection prevention in MongoDB
Question

How can I prevent JavaScript NoSQL injections into MongoDB? I am working on a Node.js application and I am passing req.body, which is a JSON object, into the mongoose model's save function. I thought there were safeguards behind the scenes, but this doesn't appear to be the case.

Answer 1:

Note: My answer is incorrect. Please refer to other answers.

--

As a client program assembles a query in MongoDB, it builds a BSON object, not a string. Thus traditional SQL injection attacks are not a problem.
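Added example, not part of the original question or answer: one way to constrain req.body before it reaches a Mongoose model, since a parsed JSON body can carry nested objects and `$`-prefixed keys where the application expects plain values. The field names in `ALLOWED_FIELDS` and the helpers `hasOperatorKeys`, `sanitizeBody` and `check` are hypothetical, and the sample bodies are constructed.

```javascript
// Hypothetical allowlist: fields this example's model accepts, with the
// primitive type each must have. These names are assumptions, not from the page.
const ALLOWED_FIELDS = { name: 'string', email: 'string', age: 'number' };

// True if any key, at any depth, starts with "$" or contains ".",
// the characters MongoDB gives special meaning to in keys.
function hasOperatorKeys(value) {
  if (value === null || typeof value !== 'object') return false;
  if (Array.isArray(value)) return value.some(hasOperatorKeys);
  return Object.keys(value).some(
    (key) => key.startsWith('$') || key.includes('.') || hasOperatorKeys(value[key])
  );
}

// Build a new object holding only allowlisted fields of the expected primitive
// type. Throws on anything else instead of passing it through to the model.
function sanitizeBody(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('body must be a JSON object');
  }
  if (hasOperatorKeys(body)) {
    throw new TypeError('body has a key starting with "$" or containing "."');
  }
  const clean = Object.create(null);
  for (const [field, type] of Object.entries(ALLOWED_FIELDS)) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) continue;
    if (typeof body[field] !== type) {
      throw new TypeError(`field "${field}" must be a ${type}`);
    }
    clean[field] = body[field];
  }
  return clean;
}

// Wrapper that reports the outcome instead of throwing.
function check(body) {
  try { return { ok: true, value: sanitizeBody(body) }; }
  catch (err) { return { ok: false, error: err.message }; }
}

// Constructed sample inputs, as they would look after JSON body parsing.
const samples = [
  { name: 'Ada', email: 'ada@example.com', role: 'admin' }, // extra field is dropped
  { name: 'Ada', email: { $ne: null } },      // object where a string is expected
  { name: 'Ada', 'profile.isAdmin': true },   // dotted key
];
for (const s of samples) console.log(JSON.stringify(check(s)));
```

In a route handler the sanitized object, not req.body itself, is what would be handed to the model constructor before calling save.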