[英]Prevent input type from XSS attacks
I get the value from input type like this: 我从这样的输入类型获取值:
var num = $(document).find('#num').val();
I've tried to avoid the input type from XSS attacks with the following code: 我尝试使用以下代码避免XSS攻击的输入类型:
num = jQuery(num).text().replace( 'script', '' ) ;
but it's not working.Any other ideas ? 但这不起作用,还有其他想法吗?
Even if this code works, you cant prevent xss attacks with javascript. 即使此代码有效,您也无法使用javascript防止xss攻击。 if you want to do it with this:
$(document).find('#num').val($(document).find('#num').val().replace('script',''));
如果您想这样做:
$(document).find('#num').val($(document).find('#num').val().replace('script',''));
Now you have value in you input which script strings deleted but what if someone write <scscriptript>
in in your input? 现在,您在输入中具有价值,删除了哪些脚本字符串,但是如果有人在您的输入中写入
<scscriptript>
怎么办? after script string deleted in middle, there will be another script tag. 在中间删除脚本字符串后,将有另一个脚本标签。 You have to check your inputs in server side.
您必须在服务器端检查您的输入。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.