
How to make a JavaScript cookie secure. I have tried the regex for securing the URL and cookie value but none of them is working

Here is my cookie code.

var campaignId ="someCookieValue";
var d = new Date();
d.setTime(d.getTime() + (365*24*60*60*1000));   // SET COOKIE EXPIRY TO 365 days.
var expires = "expires="+ d.toUTCString();
document.cookie = 'campaignId='+ campaignId + "; Domain="+ document.domain + "; path=/; " + expires;
document.cookie = 'sourceUrl='+ window.location.href + ";" + expires;

Tried this validation:

var campaignId = "someCookieValue";
var d = new Date();
d.setTime(d.getTime() + (365*24*60*60*1000));   // SET COOKIE EXPIRY TO 365 days.
var expires = "expires=" + d.toUTCString();
// Allow-list for the campaign id: letters, digits, '-', '_', '.' and ':' only
var value = new RegExp(/^[a-zA-Z0-9\-_\.:]*$/);
if (value.test(campaignId))
    document.cookie = 'campaignId=' + campaignId + "; Domain=" + document.domain + "; path=/; " + expires;
// Loose URL pattern. It is unanchored, so it matches any string that merely contains
// a URL-like substring; the 'g' flag was dropped because RegExp.test() with 'g' keeps
// state (lastIndex) between calls.
var expression = /[-a-zA-Z0-9@:%_\+.~#?&//=]{2,256}\.[a-z]{2,4}\b(\/[-a-zA-Z0-9@:%_\+.~#?&//=]*)?/i;
var pattern = new RegExp(expression);
var cookieValue = window.location.href;
if (cookieValue) {
    // Test the URL against the URL pattern (the original tested it against the
    // campaignId regex, which can never match a URL because of the '/' characters)
    if (pattern.test(cookieValue)) {
        cookieValue = encodeURIComponent(cookieValue);
        document.cookie = 'sourceUrl=' + cookieValue + ";" + expires;
    }
}

I am having a problem with the Fortify scan on document.cookie, for example: "The lambda() method in main.js includes unvalidated data in an HTTP cookie on line 486. This enables Cookie Manipulation attacks and could lead to other HTTP Response header manipulation attacks, such as: cache-poisoning, cross-site scripting, cross-user defacement, page hijacking, open redirect".

Found the solution. I encrypted the cookie values with the external CryptoJS library, and that resolved the scan issue.

var campaignId = "someCookieValue";
var mySecret = "mysecret";
var d = new Date();
d.setTime(d.getTime() + (365*24*60*60*1000));   // SET COOKIE EXPIRY TO 365 days.
var expires = "expires=" + d.toUTCString();
var cookieValue = window.location.href;
// Here I added encryption. CryptoJS.AES.encrypt() returns a CipherParams object;
// toString() gives the Base64 ciphertext that is stored in the cookie.
campaignId = CryptoJS.AES.encrypt(campaignId, mySecret).toString();
cookieValue = CryptoJS.AES.encrypt(cookieValue, mySecret).toString(); //end
document.cookie = 'campaignId=' + campaignId + "; Domain=" + document.domain + "; path=/; " + expires;
document.cookie = 'sourceUrl=' + cookieValue + ";" + expires;
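The same two cookies built with a strict allow-list, URL-encoding and the Secure/SameSite attributes, as an added example that is not part of the question or the answer above: it removes the scanner's finding by validating and encoding the data rather than by encrypting it with a key that ships in the page (which an attacker who can read the script can also read). The helper names buildCookie, campaignCookie and sourceUrlCookie are assumed, and the functions return the string to assign to document.cookie so they run outside a browser.

```javascript
// Added example, not code from the question or its answer. Assumed helper
// names: buildCookie, campaignCookie, sourceUrlCookie. Each returns the string
// to assign to document.cookie so it can run (and be tested) outside a browser.

// RFC 6265 token characters for a cookie name.
const COOKIE_NAME_RE = /^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$/;
// Strict allow-list for the campaign id: reject anything else, do not "repair" it.
const CAMPAIGN_ID_RE = /^[A-Za-z0-9._:-]{1,64}$/;
// Host names only; a Domain attribute must never carry ';' or control characters.
const DOMAIN_RE = /^[A-Za-z0-9.-]+$/;
const ONE_YEAR = 365 * 24 * 60 * 60;

function buildCookie(name, value, opts) {
  opts = opts || {};
  if (!COOKIE_NAME_RE.test(name)) throw new Error("invalid cookie name");
  if (opts.domain !== undefined && !DOMAIN_RE.test(opts.domain)) {
    throw new Error("invalid cookie domain");
  }
  // encodeURIComponent leaves only A-Z a-z 0-9 - _ . ! ~ * ' ( ) unescaped, so the
  // encoded value cannot contain ';', ',', whitespace, CR or LF and therefore
  // cannot terminate the value or smuggle in extra attributes.
  const parts = [name + "=" + encodeURIComponent(String(value))];
  if (opts.domain !== undefined) parts.push("Domain=" + opts.domain);
  parts.push("Path=/");
  if (opts.maxAgeSeconds !== undefined) parts.push("Max-Age=" + Math.floor(opts.maxAgeSeconds));
  parts.push("Secure");                                // sent over HTTPS only
  parts.push("SameSite=" + (opts.sameSite || "Lax"));  // limits cross-site sending
  return parts.join("; ");
}

// Equivalent of the question's campaignId cookie; null means "refuse to set".
function campaignCookie(campaignId, domain) {
  if (!CAMPAIGN_ID_RE.test(campaignId)) return null;
  return buildCookie("campaignId", campaignId, { domain: domain, maxAgeSeconds: ONE_YEAR });
}

// Equivalent of the sourceUrl cookie: parse first, accept only http(s) URLs,
// and store the normalised href rather than the raw location string.
function sourceUrlCookie(href) {
  let url;
  try { url = new URL(href); } catch (e) { return null; }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return buildCookie("sourceUrl", url.href, { maxAgeSeconds: ONE_YEAR });
}

// In a browser: document.cookie = campaignCookie("someCookieValue", location.hostname);
//               document.cookie = sourceUrlCookie(location.href);
```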
