防止输入类型受到XSS攻击
[英]Prevent input type from XSS attacks
问题描述
I get the value from input type like this: 
我从这样的输入类型获取值:
var num = $(document).find('#num').val();
I've tried to avoid the input type from XSS attacks with the following code: 我尝试使用以下代码避免XSS攻击的输入类型:
num = jQuery(num).text().replace( 'script', '' ) ;
but it's not working.Any other ideas ? 但这不起作用,还有其他想法吗?
1 个解决方案
解决方案1
1 2017-06-29 09:13:53
Even if this code works, you cant prevent xss attacks with javascript. 即使此代码有效,您也无法使用javascript防止xss攻击。 if you want to do it with this: $(document).find('#num').val($(document).find('#num').val().replace('script','')); 如果您想这样做: $(document).find('#num').val($(document).find('#num').val().replace('script',''));
Now you have value in you input which script strings deleted but what if someone write <scscriptript> in in your input? 现在,您在输入中具有价值,删除了哪些脚本字符串,但是如果有人在您的输入中写入<scscriptript>怎么办? after script string deleted in middle, there will be another script tag. 在中间删除脚本字符串后,将有另一个脚本标签。 You have to check your inputs in server side. 您必须在服务器端检查您的输入。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.