OutputStream.write()期间的持久性XSS攻击
[英]Persistance XSS attack during OutputStream.write()
问题描述
I have been working over the security issue regarding the persistent-XSS attack and i was able to analyze the issue using fortify. 
我一直在研究有关持久XSS攻击的安全性问题,并且能够使用fortify分析此问题。
sends unvalidated data to a web browser , which can result in the browser executing malicious code. 将未经验证的数据发送到Web浏览器,这可能导致浏览器执行恶意代码。
Code is in Java. 代码使用Java。
void output(OutputStream out){
out.write(byteData); //byteData is a data member of the class of type byte[].
}
At line (2) in above snippet i am getting the notification of xss attack. 在以上代码片段的第(2)行中,我收到了xss攻击的通知。 So how can i validate it? 那么我该如何验证呢?
1 个解决方案
解决方案1
1 已采纳 2013-07-04 13:40:25
You have to validate your data before sending it to your OutputStream 您必须先验证数据,然后再将其发送到OutputStream
void output(OutputStream out) {
// Validate byteData code here
out.write(byteData);
}
Validation means checking if the code abides by the rules that you want to set for it. 验证意味着检查代码是否遵守要为其设置的规则。 For example, if you want to send only numbers, you can make sure that your byteData contains only numbers before sending it. 例如,如果只想发送数字,则可以确保在发送字节数据之前,byteData只包含数字。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.