如何保护Angular 2 SPA免受XSS攻击?
[英]How do I protect an Angular 2 SPA from XSS attacks?
问题描述
I need to secure my SPA from XSS. 
我需要从XSS保护我的SPA。 I use Angular 2 for the client side and REST services in JAVA on the server. 我将Angular 2用于客户端,并在服务器上的JAVA中使用REST服务。
I know that Angular treats all inputs in the template as unsecure and sanitize and escapes html tags, etc. there is also the protection built in the browsers using the X-XSS header. 我知道Angular会将模板中的所有输入都视为不安全并清理和转义html标签,等等。浏览器中还使用X-XSS标头内置了保护功能。
Do I need to do some protection on the server side? 我需要在服务器端做一些保护吗? handle the data sent from/to the client? 处理从/向客户端发送的数据?
if so is there a java library that wraps all the requests and secure them from XSS? 如果是这样,是否有一个Java库包装所有请求并从XSS保护它们?
one of the requests is to save a password and I want to allow special characters, how do I not change the password`s characters and still being secure? 要求之一是保存密码,我想允许使用特殊字符,如何更改密码的字符并且仍然安全?
Thanks! 谢谢!
1 个解决方案
解决方案1
0 2016-09-29 08:25:19
Never trust the client! 永远不要相信客户! For your Java Backend you can use for example the AntiSamy Project from the OWASP. 对于Java后端,您可以使用例如OWASP中的AntiSamy项目。 It helps you that clients don't supply malicious cargo code via HTML/CSS that get persisted on the server. 它可以帮助您避免客户端不通过HTML / CSS提供恶意的货物代码,而这些代码会持久保存在服务器上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.