No description provided.
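How it happens: mainly an injection attack through inserted script tags. For example, if <script></script> is entered in a message-board feature, other users are attacked when they view it.
Defenses:
1. Escape quotes and angle brackets; the js-xss library can be used for whitelist-based escaping.
2. CSP (Content Security Policy): the Content-Security-Policy HTTP header controls which resource files are loaded, in order to control malicious script injection.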
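Both defenses from the comment above, as an added example that is not part of the original thread: output escaping for stored messages plus a nonce-based Content-Security-Policy header. It uses a hand-written escaper rather than js-xss so it runs with Node alone; the function names, the `/board.js` path and the sample messages are assumptions made for illustration.

```javascript
// Added example: stored-XSS defenses for a message board (Node.js, no dependencies).
const nodeCrypto = require("crypto");

// Characters that let text break out of HTML element or quoted-attribute context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// CSP value that only allows same-origin scripts and scripts carrying this response's nonce.
// An injected inline <script> without the nonce is refused by the browser.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Render stored messages: escape on output and issue a fresh nonce for every response.
function renderBoard(messages) {
  const nonce = nodeCrypto.randomBytes(16).toString("base64");
  const items = messages.map((m) => `<li>${escapeHtml(m)}</li>`).join("");
  // "/board.js" is a hypothetical first-party script for the page.
  const body = `<ul>${items}</ul><script nonce="${nonce}" src="/board.js"></script>`;
  return { headers: { "Content-Security-Policy": buildCsp(nonce) }, body, nonce };
}

// Constructed sample input: a benign message, a script tag, and an attribute breakout attempt.
const SAMPLE_MESSAGES = ["hello", "<script>alert(1)</script>", '" onmouseover="x'];

const page = renderBoard(SAMPLE_MESSAGES);
console.log(page.headers["Content-Security-Policy"]);
console.log(page.body);
```

The escaper covers HTML text and quoted-attribute contexts only; values placed into URLs, inline JavaScript or CSS need context-specific encoding.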