freeCodeCamp/curriculum/challenges/chinese/09-information-security/information-security-with-h.../prevent-ie-from-opening-unt...

---
id: 587d8248367417b2b2512c3b
title: 使用 helment.ieNoOpen() 防止 IE 打开不受信任的 HTML
challengeType: 2
forumTopicId: 301584
---

# --description--

请注意，本项目在 [这个 Repl.it 项目](https://repl.it/github/freeCodeCamp/boilerplate-infosec) 的基础上进行开发。你也可以从 [GitHub](https://github.com/freeCodeCamp/boilerplate-infosec/) 上克隆。

有些网站会下载不安全的 HTML 文件，某些版本的 IE 默认情况下还会在你网站的作用域下打开这些 HTML 文件。换句话说，这些不安全的 HTML 页面可以在你的网站做恶意行为。我们可以通过中间件来设置 header 中的 X-Download-Options 字段，让它的值为 noopen。这样就可以防止 IE 在不信任的网站下执行下载的文件。

# --hints--

应正确加载 helmet.ieNoOpen() 中间件

```js
(getUserInput) =>
  $.get(getUserInput('url') + '/_api/app-info').then(
    (data) => {
      assert.include(data.appStack, 'ienoopen');
      assert.equal(data.headers['x-download-options'], 'noopen');
    },
    (xhr) => {
      throw new Error(xhr.responseText);
    }
  );
```

# --solutions--
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 22:03:03 +00:00			`---`
			`id: 587d8248367417b2b2512c3b`
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 07:37:30 +00:00			`title: 使用 helment.ieNoOpen() 防止 IE 打开不受信任的 HTML`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 22:03:03 +00:00			`challengeType: 2`
feat(i18n/Chinese): add translation of Information Security with HelmetJS (2/4) (#39540) 2020-09-17 10:53:22 +00:00			`forumTopicId: 301584`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 22:03:03 +00:00			`---`

chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 07:37:30 +00:00			`# --description--`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 22:03:03 +00:00
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 07:37:30 +00:00			`请注意，本项目在 [这个 Repl.it 项目](https://repl.it/github/freeCodeCamp/boilerplate-infosec) 的基础上进行开发。你也可以从 [GitHub](https://github.com/freeCodeCamp/boilerplate-infosec/) 上克隆。`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 22:03:03 +00:00
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 07:37:30 +00:00			`有些网站会下载不安全的 HTML 文件，某些版本的 IE 默认情况下还会在你网站的作用域下打开这些 HTML 文件。换句话说，这些不安全的 HTML 页面可以在你的网站做恶意行为。我们可以通过中间件来设置 header 中的 X-Download-Options 字段，让它的值为 noopen。这样就可以防止 IE 在不信任的网站下执行下载的文件。`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 22:03:03 +00:00
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 07:37:30 +00:00			`# --hints--`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 22:03:03 +00:00
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 07:37:30 +00:00			`应正确加载 helmet.ieNoOpen() 中间件`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 22:03:03 +00:00
			```js
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 07:37:30 +00:00			`(getUserInput) =>`
			`$.get(getUserInput('url') + '/_api/app-info').then(`
			`(data) => {`
			`assert.include(data.appStack, 'ienoopen');`
			`assert.equal(data.headers['x-download-options'], 'noopen');`
			`},`
			`(xhr) => {`
			`throw new Error(xhr.responseText);`
			`}`
			`);`
Add languages Russian, Arabic, Chinese, Portuguese (#18305) 2018-10-10 22:03:03 +00:00			```
fix: insert blank line after ``` search and replace ```\n< with ```\n\n< to ensure there's an empty line before closing tags 2020-08-13 15:24:35 +00:00
chore(learn): Applied MDX format to Chinese curriculum files (#40462) 2020-12-16 07:37:30 +00:00			`# --solutions--`