
WEB2 - Node.js

Security for output information (3/3)

sanitize를 해도 script 태그는 사라지는데 h1은 아무것도 안 해도 살아있습니다.


var sanitizeHtml = require('sanitize-html'); //이걸로 설정해주고

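fs.readdir('./data', function(error, files){
  // Render the detail page for the topic named by queryData.id:
  // list the data directory, read the topic file, sanitize what is echoed
  // back, and write the HTML response.

  // Fail closed if the directory listing fails, so that `files` is never
  // passed on as undefined.
  if (error) {
    response.writeHead(500);
    response.end('Internal Server Error');
    return;
  }

  // NOTE(review): queryData is presumably the parsed query string of the
  // request URL. A repeated "id" parameter would then be an array, and a
  // non-string makes path.parse() throw, so reject it before use.
  if (typeof queryData.id !== 'string') {
    response.writeHead(400);
    response.end('Bad Request');
    return;
  }

  // Keep only the final path component so the id cannot point outside data/.
  const filteredPath = path.parse(queryData.id).base;

  fs.readFile(`data/${filteredPath}`, 'utf8', function(err, description){
    // Unknown topic (or an unreadable path): answer 404 instead of handing
    // an undefined description to the sanitizer.
    if (err) {
      response.writeHead(404);
      response.end('Not found');
      return;
    }

    const title = queryData.id;

    // sanitizeHtml() called without options applies the library's DEFAULT
    // allow-list; it does not strip every tag. In sanitize-html 2.x the
    // defaults include heading tags such as <h1>, so a heading survives
    // while <script> is removed. To restrict the output further, pass an
    // explicit list, e.g. sanitizeHtml(description, { allowedTags: [...] }),
    // and check the defaults documented for the installed version.
    const sanitizedTitle = sanitizeHtml(title);
    const sanitizedDescription = sanitizeHtml(description);

    // sanitize-html targets HTML element content. A value placed inside a
    // quoted attribute or a URL needs encoding for that context instead.
    const escapeAttribute = function(value){
      return String(value)
        .replace(/&/g, '&amp;')
        .replace(/</g, '&lt;')
        .replace(/>/g, '&gt;')
        .replace(/"/g, '&quot;')
        .replace(/'/g, '&#39;');
    };

    // The update link and the delete form carry the topic identifier back
    // to the server, so they use the file name that was actually read,
    // encoded for a query string and for an attribute value respectively.
    const idForUrl = encodeURIComponent(filteredPath);
    const idForAttribute = escapeAttribute(filteredPath);

    const list = template.list(files);
    const html = template.html(sanitizedTitle, list,
      `<h2>${sanitizedTitle}</h2>${sanitizedDescription}`,
      `<a href="/create">create</a>
       <a href="/update?id=${idForUrl}">update</a>
       <form action="delete_process" method="post">
         <input type="hidden" name="id" value="${idForAttribute}">
         <input type="submit" value="delete">
       </form>`
    );

    response.writeHead(200);
    response.end(html);
  });
});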

//이렇게 했는데 create든 update든 h1 태그가 살아있습니다. 허용도 안 했는데... 뭐가 문제일지 알 수 있을까요?
