How do you defend against XSS attacks?

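An XSS (cross-site scripting) attack causes the browser to unexpectedly execute malicious JS code while it renders the DOM.
An XSS attack works by embedding a malicious script in a web page.
The malicious script can also be delivered through HTML-formatted email.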

Filtering malicious XSS code

PHP Anti XSS library

composer require voku/anti-xss
<?php
use voku\helper\AntiXSS;

require_once __DIR__ . '/vendor/autoload.php'; // example path

$antiXss = new AntiXSS();
$harm_string = "Hello, i try to <script>alert('Hack');</script> your site";

$harmless_string = $antiXss->xss_clean($harm_string);

echo htmlspecialchars($harm_string); // escaped, so the browser displays the literal text: Hello, i try to <script>alert('Hack');</script> your site
echo $harmless_string; // Hello, i try to alert('Hack'); your site
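
The snippet above calls htmlspecialchars() only in its default form and for an HTML text context. The following added example (not from the original page or from the voku/anti-xss project) shows output encoding chosen per context, using PHP built-ins only; the helper names html_text, js_value and safe_href are hypothetical.

```php
<?php
// Added example: encode untrusted text for the context it is written into.
// Helper names (html_text, js_value, safe_href) are hypothetical.

/** HTML text nodes and quoted attribute values. */
function html_text(string $s): string
{
    // ENT_QUOTES also encodes ' so single-quoted attributes stay closed.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** A value embedded inside an inline <script> block. */
function js_value($v): string
{
    // JSON_HEX_* emits <, >, &, ' and " as \uXXXX escapes, so the value
    // cannot close the <script> element or leave its string literal.
    return json_encode(
        $v,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** href/src values: absolute http(s) URLs only, everything else becomes "#". */
function safe_href(string $url): string
{
    $url = trim($url);
    // parse_url() returns null or false when no scheme is found; cast to ''.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? html_text($url) : '#';
}

// Constructed sample input: the string from the example above.
$input = "Hello, i try to <script>alert('Hack');</script> your site";

// Unsafe form, shown for contrast only: echo '<p>' . $input . '</p>';
echo '<p>' . html_text($input) . "</p>\n";
echo '<input value="' . html_text($input) . "\">\n";
echo '<script>var msg = ' . js_value($input) . ";</script>\n";
echo '<a href="' . safe_href("javascript:alert('Hack')") . "\">rejected</a>\n";
echo '<a href="' . safe_href('https://example.com/?q=a&b="c"') . "\">kept</a>\n";
```

safe_href() is deliberately strict: relative URLs and every scheme other than http and https are replaced with "#".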

Spring Boot in practice: XSS (cross-site scripting attacks)

https://www.jianshu.com/p/3e4b00b8ff3a