XSS漏洞
[英]XSS Vulnerability
问题描述
I am developing a mobile application using jquery mobile. 
我正在使用jquery mobile开发移动应用程序。 I want to eliminate all the xss attack in my app. 我想消除我的应用程序中的所有xss攻击。 When I was testing my application Cross site reflected error occurs. 当我测试我的应用程序时,Cross site反映出现错误。 Actually, the error occurs in my query. 实际上,错误发生在我的查询中。 Is there any javascript code to eliminate all the Xss errors? 是否有任何javascript代码来消除所有的Xss错误? Or else give me an idea to eliminate those errors both in the client and server side? 或者让我想一想在客户端和服务器端消除这些错误?
Thanks in advance! 提前致谢!
Thanks for your prompt response. 感谢您的及时回应。
Query: 查询:
SELECT%20Id%2C%20Name%2C%20lsc_ Course _r.Name%2C%20lsc_ StartDate _c%2C%20lsc_ Venue _r.Name%20FROM%20lsc_ event _c%20WHERE%20lsc_ StartDate _c%20%3E%3D%20TODAY%20ORDER%20BY%20lsc_ StartDate _c 72aaaalert(1)606c8b0c254 SELECT%20Id%2C%20Name%2C%20lsc_ Course _r.Name%2C%20lsc_ StartDate _c%2C%20lsc_ Venue _r.Name%20FROM%20lsc_ event _c%20WHERE%20lsc_ StartDate _c%20%3E%3D%20TODAY% 20ORDER%20BY%20lsc_ StartDate _c 72aaaalert(1)606c8b0c254
&_=1342613913758 HTTP/1.1 &_ = 1342613913758 HTTP / 1.1
I got this / 72aaaalert(1)606c8b0c254 / error at the end of the query. 我在查询结束时得到此/ 72aaaalert(1)606c8b0c254 /错误。 How do I remove it? 我该如何删除它?
1 个解决方案
解决方案1
2 已采纳 2012-07-19 09:27:08
Is there any javascript code to eliminate all the Xss errors?
No. There is no way to magically fix all XSS problems. 没有。没有办法神奇地修复所有XSS问题。
You must encode data before using it. 您必须在使用前对数据进行编码。 If you accept text input, then you must convert it to SQL before inserting it into a database, and into HTML before inserting it into HTML and so on. 如果接受文本输入,则必须在将其插入数据库之前将其转换为SQL,并在将其插入HTML之前将其转换为HTML,依此类推。 (Otherwise the text might include characters with special meaning in SQL / HTML / etc). (否则文本可能包含SQL / HTML / etc中具有特殊含义的字符)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.