我如何理解edittext中的javascript或jquery代码?
[英]How can I understand javascript or jquery code inside in edittext?
问题描述
I have a edittext wihch users can write something and post my server. 
我有一个edittext,用户可以写一些东西并发布我的服务器。 I want to know how can I control the text include javascript , jquery or something else which has bad behavior ? 我想知道如何控制包括javascript , jquery或其他行为不良的文本?
should I solve this android side or webservice side ? 我应该解决这个android方面还是webservice方面? I use mvc 4.5 (I mean should I solve this c# side?) 我使用MVC 4.5(我的意思是应该解决C#问题吗?)
thanks in advance 提前致谢
1 个解决方案
解决方案1
0 2014-07-18 09:30:08
I think you should move it to the server side. 我认为您应该将其移至服务器端。
Why ? 为什么呢 Because if someone want to do bad things with your backend, he can easily do it directly with his computer thus bypassing your android side content purification. 因为如果有人想对您的后端做坏事,那么他可以轻松地直接用他的计算机来完成它,从而绕过您的Android内容净化。
He just have to launch Wireshark on his PC (or use a proxy to do MITM if you use HTTPS or SSL), listen the conversation your Android app and your server are having and then use that information to build an attack with his computer. 他只需要在PC上启动Wireshark(或者,如果您使用HTTPS或SSL,则可以使用代理执行MITM),聆听您的Android应用和服务器之间的对话,然后使用该信息对他的计算机进行攻击。
A lot of APIs are not securised enough because people are still thinking that people can't access it outside the apps, it's wrong, they can. 许多API不够安全,因为人们仍然认为人们无法在应用程序外部访问它,这是错误的,他们可以。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.