

Client side web-page editing problems?

This is mostly for radio buttons, but what would happen if you edited the raw HTML of a web page live in your browser and changed the value of a radio box? If you decided to send that information through a form using PHP, would the changed value of the radio button be sent, or would it simply just retrieve its original values? I would test this hypothesis, but Apache won't install properly.

You can send whatever info you like from your browser; you have complete control. So yes, you can send anything from any form. This is why client-side sanity checks are useless.

Try out tamperdata (Firefox plugin) to view and edit any POSTs your browser makes. Or you can (as you say) use firebug (another Firefox plugin) to edit the code of any site and view it in your browser.

The value that the HTML page submits is what the server receives. That's why you need to validate data server side before relying on it. You should assume that every user is a malicious hacker.

$acceptable_values = array('0', '1', '2');
// Strict comparison (third argument) so only these exact strings pass;
// `?? null` avoids an undefined-index notice when the field is missing.
if(in_array($_POST['radio'] ?? null, $acceptable_values, true)) {
    //Radio button value is valid
} else {
    //Radio button is not valid
    die('Nice Try!');
}

Or you could have the radio button's value set to a default if it does not contain a valid value...

$acceptable_values = array('0', '1', '2');
// Same strict allowlist check, but fall back to a safe default instead of aborting
if(in_array($_POST['radio'] ?? null, $acceptable_values, true)) {
    $radio = $_POST['radio'];
} else {
    $radio = '0'; //Default
}

It's important to note that with the invention of tools like Firebug (Gecko) and Inspector (WebKit) you don't need to download, modify, and then view the HTML page. You can edit it live in the browser.

Any person can post anything to any website. That's the biggest security issue on the web. And that's why you should DOUBT, VALIDATE AND SANITIZE ANY user input data. Since PHP 5.2, if I remember correctly, you have the function filter_var($var_to_be_filter, FILTER_TO_BE_APPLIED);

With that, you can avoid 2 security issues: SQL Injection and XSS (Cross Site Scripting). Unfortunately, there are more security risks you have to consider: CSRF, Cookie Hijacking, External File Access, Remote File Inclusion, Session Fixation, Directory traversal, etc.
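The two points made above (the client can submit any request body it likes, and the server must therefore allowlist the radio value before using it) are easiest to see with both halves in one script. The following is an added example, not code from any of the answers: it builds the request bodies a tampering client could send (constructed inline, including what a DOM edit or a raw POST edit would produce), parses them the way PHP builds $_POST, and runs them through the strict allowlist check from the second answer and an equivalent filter_var() check from the last one. The function names and the acceptable values 0, 1, 2 are assumptions for the illustration.

```php
<?php
// Added example: server-side validation of a radio-button field, exercised
// against request bodies that a client with full control over the POST can send.

/**
 * Return the submitted value if it is exactly one of the allowed strings,
 * otherwise null. Strict comparison rejects "1abc", 1.0, arrays, and so on.
 */
function validate_radio($raw, array $acceptable_values): ?string
{
    if (!is_string($raw)) {          // missing field, or radio[]=1 (array)
        return null;
    }
    return in_array($raw, $acceptable_values, true) ? $raw : null;
}

/**
 * The same policy expressed with filter_var(): an integer in [0, 2], else null.
 * The "=== false" test matters because a valid "0" is falsy.
 */
function validate_radio_filter($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $v = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 2],
    ]);
    return $v === false ? null : $v;
}

// Constructed request bodies (assumed for this example). The first is what
// the unmodified form sends; the rest are what a client can send after editing
// the DOM in Firebug/Inspector or rewriting the POST in tamperdata.
$bodies = [
    'radio=1',                         // legitimate value from the form
    'radio=7',                         // value that was never in the form
    'radio=1%27+OR+1%3D1--',           // "1' OR 1=1--": injection attempt
    'radio%5B%5D=1&radio%5B%5D=2',     // radio[]=1&radio[]=2: array, not string
    'other=1',                         // radio field omitted entirely
    'radio=+1',                        // " 1": leading whitespace
];

$acceptable = ['0', '1', '2'];
foreach ($bodies as $body) {
    parse_str($body, $post);           // how PHP turns the raw body into $_POST
    $raw   = $post['radio'] ?? null;
    $value = validate_radio($raw, $acceptable) ?? '0';   // default on rejection
    $alt   = validate_radio_filter($raw);
    printf("%-30s -> allowlist: %s   filter_var: %s\n",
        $body, $value, $alt === null ? 'rejected' : (string) $alt);
}
```

Run it with `php validate_radio.php`. The allowlist version accepts only the literal strings the form offered and falls back to '0' for everything else; the filter_var version also accepts " 1" and "+1" because FILTER_VALIDATE_INT tolerates surrounding whitespace and a sign, which is why a strict allowlist is the better fit for a fixed set of radio values and filter_var is better when the field is genuinely numeric.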

Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you need to reproduce them, please credit this site or the original source. For any questions, contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM