Web Security: XSS #10

Chenjiayuan195 opened this issue May 25, 2020 · 1 comment
Comments

@Chenjiayuan195
Owner

No description provided.

@Chenjiayuan195
Owner Author

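How it happens:
Mainly through injection of script tags. For example, if <script></script> is entered into a message board feature, other users are attacked when they view it.

Defenses:
1. Escape quotes and angle brackets; the js-xss library can be used for whitelist-based escaping.
2. CSP (Content Security Policy): the Content-Security-Policy HTTP header controls which resource files are loaded, in order to control malicious script injection.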
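
The two defenses listed in the comment above, as an added example that is not part of the original issue or its author's code: a message-board entry rendered without and with output escaping, plus a response header set carrying a restrictive CSP. It uses a hand-written escaper rather than the js-xss whitelist filter; the function names, the sample comment and the policy values are assumptions made for illustration.

```javascript
// Added example. escapeHtml, renderComment, renderCommentUnsafe and
// securityHeaders are hypothetical names, not js-xss APIs.

// Characters that can close an attribute value or open a tag.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Single pass, so '&' produced by one replacement is never escaped twice.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable form: stored input is concatenated straight into markup.
function renderCommentUnsafe(comment) {
  return `<li title="${comment.author}">${comment.text}</li>`;
}

// Hardened form: every stored field is escaped at output time.
function renderComment(comment) {
  return `<li title="${escapeHtml(comment.author)}">${escapeHtml(comment.text)}</li>`;
}

// Defense in depth: with no 'unsafe-inline' in script-src, an inline
// <script> that slips through is not executed by the browser.
function securityHeaders() {
  const policy = [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'none'",
  ].join('; ');
  return { 'Content-Security-Policy': policy };
}

// Constructed sample: the quote in `author` shows why quotes must be
// escaped, the tag in `text` shows why angle brackets must be escaped.
const sample = { author: 'Bob" data-x="1', text: '<script>alert(1)</script>' };

console.log(renderCommentUnsafe(sample)); // extra attribute and live script tag
console.log(renderComment(sample));       // inert text
console.log(securityHeaders());
```

Escaping is applied when rendering, not when storing, so the same stored message stays safe if it is later emitted into a different context with its own escaping rules.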
