网络知识 时间:2024-12-04 12:32:14
作者:文/会员上传
网页防止xss攻击的方法:
实现过滤器对特殊字符进行转义过滤(把 < 和 > 转成 HTML 实体 &lt; 和 &gt;,只放行白名单中的标签),例如:
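/**
 * Escape untrusted text for insertion into HTML element content, letting
 * through only the bare opening/closing tags named in the whitelist.
 *
 * Everything that is not an exact whitelisted tag (`<h1>`, `</h1>`, `<h2>`,
 * `</h2>`) is entity-encoded character by character. The page's original
 * version escaped only spans matched by /<\/?(.*?)>/, so anything that
 * pattern did not match (a tag containing a line break, or a `<` with no
 * closing `>`) was returned unescaped; its entity map had also lost its
 * `&lt;` / `&gt;` values, which made the replacement a no-op.
 *
 * The result is safe for element content only. It is not an encoder for
 * attribute values, URLs, or script/style contexts.
 *
 * @param {string} xss - untrusted input; null/undefined is treated as ''.
 * @returns {string} the input with non-whitelisted markup entity-encoded.
 */
function filter(xss) {
  var whiteList = ['h1', 'h2']; // whitelist: tag names only, matched case-sensitively
  var translateMap = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;'
  };

  // Entity-encode every HTML-significant character in a run of plain text.
  function escapeText(text) {
    return text.replace(/[&<>"']/g, function (ch) {
      return translateMap[ch];
    });
  }

  // Matches a whitelisted tag only when it has no attributes and no whitespace,
  // so `<h1 onclick=...>` is treated as text, not as an allowed tag.
  // The whitelist entries are plain names, so no regex escaping is needed here.
  var allowedTag = new RegExp('<\\/?(?:' + whiteList.join('|') + ')>', 'g');

  var input = xss == null ? '' : String(xss);
  var output = '';
  var cursor = 0;
  var match;

  while ((match = allowedTag.exec(input)) !== null) {
    // Text before the allowed tag is escaped; the tag itself is copied as-is.
    output += escapeText(input.slice(cursor, match.index)) + match[0];
    cursor = allowedTag.lastIndex;
  }

  return output + escapeText(input.slice(cursor));
}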
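// Demo driver: takes the first query-string value and renders it through filter().
var search = location.search;
var query = search.slice(1); // drop the leading '?'

var params = query.split('&').map(function (pair) {
  // Split on the first '=' only, so a value that itself contains '=' stays whole.
  var eq = pair.indexOf('=');
  var rawKey = eq < 0 ? pair : pair.slice(0, eq);
  var rawVal = eq < 0 ? '' : pair.slice(eq + 1);

  // decodeURIComponent throws URIError on a malformed percent-escape;
  // fall back to the raw text instead of aborting the whole script.
  var decode = function (part) {
    try {
      return decodeURIComponent(part);
    } catch (e) {
      return part;
    }
  };

  return { key: decode(rawKey), val: decode(rawVal) };
});
console.log(params);

// Only the first parameter is used, whatever its name is.
var xss = params[0].val;
console.log(xss);
console.log(filter(xss));

document.open();
// The value comes straight from the URL, so it is attacker-controlled.
// The original sample also called document.write(xss) for comparison; that
// line executes whatever markup the URL carries, so only the filtered output
// is written here. This is safe only if filter() entity-encodes everything
// outside its whitelist. Compare the raw value in the console log above.
document.write(filter(xss));
document.close();
// e.g. http://127.0.0.1:8080/?xss=<script>alert(1)</script><h1><h2>1233</h2></h1>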