How to Fix XSS (Cross-Site Scripting) Vulnerabilities

An attacker inserts malicious HTML code into a web page; when a user views that page, the HTML embedded in it is executed by the browser, achieving whatever the attacker intended. The root cause in the examples below is the same in both languages: untrusted request input is written straight into the HTML response without output encoding.

ASP

Vulnerable code example:
<%
Dim param
' Request.QueryString("dd") yields a string value, so it is assigned without Set
param = Request.QueryString("dd")
' Vulnerable: the parameter is written into the page unencoded
Response.Write param
%>
Fixed version:
<%
Dim param
param = Request.QueryString("dd")
' Server.HTMLEncode converts the HTML-significant characters (<, >, &, ") to
' entities, so the browser renders the value as text instead of markup
Response.Write Server.HTMLEncode(param)
%>

PHP

Vulnerable code example:
<?php
// Vulnerable: the parameter is echoed into the page unencoded
$aa = $_GET['dd'] ?? '';
echo $aa . "123";
?>
Fixed version:
<?php
$aa = $_GET['dd'] ?? '';
// htmlspecialchars() converts <, >, &, " and (with ENT_QUOTES) ' to entities;
// the explicit charset avoids encoding mismatches
echo htmlspecialchars($aa, ENT_QUOTES, 'UTF-8') . "123";
?>
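The PHP fix above is only correct for the HTML text context it targets. The following added example (my own code, not from the original post; the function names html_encode, js_encode and render are mine) extends it by choosing the encoder per output context, and shows why ENT_QUOTES matters when the value lands inside a single-quoted attribute.

```php
<?php
// Added example, not code from the original post. It extends the PHP fix above:
// htmlspecialchars() is only safe for the context it targets, so the encoder
// is chosen per output context. Function names are my own.
declare(strict_types=1);

// HTML text and attribute context. ENT_QUOTES also escapes the single quote,
// which ENT_COMPAT (the default before PHP 8.1) leaves untouched, so the
// result may be placed inside "..." or '...' attribute values as well.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript string-literal context inside a <script> block. HTML encoding is
// the wrong tool here; JSON-encode and hex-escape the characters that could
// close the literal or the <script> element.
function js_encode(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Renders the "dd" parameter into three output contexts, each with the
// encoder that matches it.
function render(string $dd): string
{
    return '<p>' . html_encode($dd) . '123</p>' . "\n"
        . '<input value=\'' . html_encode($dd) . '\'>' . "\n"
        . '<script>var dd = ' . js_encode($dd) . ';</script>' . "\n";
}

// Constructed sample input; in the live page this would be $_GET['dd'] ?? ''.
$dd = "<b>x</b> & \"q\" it's";

// ENT_COMPAT leaves the apostrophe as-is; ENT_QUOTES turns it into &#039;
echo "ENT_COMPAT: " . htmlspecialchars($dd, ENT_COMPAT, 'UTF-8') . "\n";
echo "ENT_QUOTES: " . html_encode($dd) . "\n";
echo render($dd);
```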


Please credit the source when reprinting: https://www.onexin.net/xss-and-clickjacking-attacks-repair-method/
