为什么我的Rails应用程序会在URL中接收带有jQuery代码的请求?
[英]Why is my Rails app receiving requests with jQuery code in the URL?
问题描述
Our production Rails 2.3.5 app, running on Heroku, is receiving bizarre requests that include snippets of JavaScript in the URL. 
我们在Heroku上运行的生产型Rails 2.3.5应用程序正在接收奇怪的请求,这些请求的URL中包含JavaScript片段。 We have error reporting set up with Hoptoad/Airbrake on Heroku, where I'm seeing requests like the following: 我们在Heroku上使用Hoptoad / Airbrake设置了错误报告,在这里我看到如下请求:
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/;if(c.css(this[a], http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/);f=e.css ( http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/,c.css(this[a], http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/).css (
These are RESTful routes, with widgets nested under publishers. 这些是RESTful路由,其小部件嵌套在发布者下。 The strings following widgets/ are found in the minified jQuery 1.4.2 source, which we have in public/javascripts . 在最小化的jQuery 1.4.2源代码(可在public/javascripts中找到)中找到widgets/的字符串。 Each request results in an ActionView::MissingTemplate error, with everything between widgets/ and .css being interpreted as the desired action, ex.: 每个请求都会导致ActionView :: MissingTemplate错误,并且widgets/和.css之间的所有内容都被解释为所需的操作,例如:
ActionView::MissingTemplate: Missing template widgets/;if(c.erb in view path app/views
It seems to be the same four snippets, in the same order, occurring as a set every 1-5 minutes and taking 1-2 minutes from start to finish. 这似乎是相同的四个片段,顺序相同,每1-5分钟以一组为一组,从头到尾花费1-2分钟。 The publisher ID varies over time. 发布者ID随时间变化。
These errors have been logged over 60,000 times now. 现在,这些错误已记录超过60,000次。 Does anyone have similar experience or an idea what's happening? 有没有人有类似的经验或想法发生了什么?
1 个解决方案
解决方案1
0 2011-08-01 15:02:42
Is this site public? 这个网站是公开的吗? Someone might be trying to find XSS exploits 可能有人试图找到XSS漏洞
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.