堆栈内存溢出
  简体   繁体   English

XSS漏洞

[英]XSS vulnerability

 原文  2012-07-19 10:40:15       javascript/ android/ jquery-mobile/ xss

问题描述

I got the below error when I testing my mobile application. 测试我的移动应用程序时出现以下错误。 How can i resolve this XSS error? 我该如何解决这个XSS错误?

The value of the q request parameter is copied into the HTML document as plain text between tags. q request参数的值将作为标记之间的纯文本复制到HTML文档中。 The payload 2906f<script>alert(1)</script>b08ffac3085 was submitted in the q parameter. 有效负载2906f<script>alert(1)</script>b08ffac3085在q参数中提交。 This input was echoed unmodified in the application's response. 该输入在应用程序的响应中未做任何修改。

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. 这种概念验证攻击表明,可以向应用程序的响应中注入任意JavaScript。

1 个解决方案

解决方案1
 0 已采纳  2012-07-19 10:41:59

You encode it for HTML before you put it in the HTML document. 您先将其编码为HTML,然后再将其放入HTML文档。

With JavaScript (since that is the only language you've mentioned), that generally means using createTextNode instead of innerHTML . 使用JavaScript(因为这是您提到的唯一语言),通常意味着使用createTextNode而不是innerHTML

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 XSS漏洞 - XSS Vulnerability HTML字段XSS漏洞 - HTML fields XSS vulnerability JavaScript 中的 XSS 漏洞 - XSS vulnerability in javascript 尽管编码了 XSS 漏洞 - XSS vulnerability despite encoding XSS漏洞定位器 - XSS vulnerability locator 明显的jsonp xss漏洞 - Apparent jsonp xss vulnerability 这个简单的 redux XSS 漏洞是如何工作的? - How does this simple redux XSS vulnerability work? 这是一个合法的 XSS 漏洞吗?如果是,如何重构来修复它? - Is this a legitimate XSS vulnerability and if yes, how to refactor to fix it? 文件下载-JavaScript中存储的XSS漏洞 - File download - stored XSS vulnerability in JavaScript 如何防止javascript中的客户端DOM XSS漏洞? - How to prevent Client DOM XSS vulnerability in javascript?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM