Approach XSS prevention on Html page using javascript
Question
如何使用javascript(而非jsp页面)转义表单的文本框内容以避免xss。提交表单时,必须在页面上正确地重新放置它。
2 answers
solution1
2 ACCPTED 2011-08-05 14:59:39
使用document.appendChild , document.createTextNode和friends而不是接受原始HTML的属性(例如innerHTML )将文本插入文档中。
solution2
1 2011-08-05 15:44:30
"Insert the text into the document using document.appendChild, document.createTextNode and friends instead of a property (such as innerHTML) that accepts raw HTML."
as Quentin says, or, using an existing textbox, use the value property:
textObject.value="value"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
jquery xss prevention when using html()
Javascript XSS Prevention
.innerHTML & XSS Prevention
XSS attack prevention
XSS prevention and .innerHTML
XSS safe html decode for Javascript
XSS - is it only possible by using JavaScript?
Javascript: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
XSS issue on a clicking hyperink in HTML page
XSS prevention. Handling <script is enough?
Related Tags