Consider the following code:

```javascript
function redirect() {
    window.location = "../../index.aspx?<%=Request.QueryString%>";
}
```

Is this code safe, or can it be exploited by an XSS attack?
If so:
- How?
- How can it be prevented?
Consider this as a querystring:

```
Xx"; alert('pwned'); window.location ="whatever
```

Basically, you are allowing completely arbitrary JavaScript to be injected.

Best solution: never take direct user input and use it this way.

Second best solution: encode it for use in a JavaScript string before using it there. A simple `"` breaks out here.

Also, do not mistakenly do HTML encoding for this. That won't work right and will still be vulnerable.
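The escaping the answer's "second best solution" calls for, as an added example that is not part of the original question or answer. It is written in JavaScript so it runs stand-alone; on the ASP.NET side the same job is done server-side by `HttpUtility.JavaScriptStringEncode` (assumed available in the reader's framework), and the `encodeForJsString`, `buildRedirectScript` and `roundTrips` names are this example's own. The querystring it feeds in is the one quoted in the answer, and the round-trip check shows the escaped value can no longer close the string literal or the enclosing script element while still decoding to the original text.

```javascript
// Added example, not code from the original page. Escaping for a JavaScript
// string-literal context, the control the answer above recommends.

// Escape a value so it can sit inside a JavaScript string literal without being
// able to close the literal or the enclosing <script> element. Allow-list:
// letters, digits, space and a few query-string characters pass through;
// everything else (quotes, backslash, ';', '(', ')', '<', '>', '/', newlines,
// U+2028/U+2029) becomes a \uXXXX escape, which is inert inside the literal.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,=&?-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// The page's redirect template with the encoder applied to the query string,
// i.e. what the server should emit instead of the raw Request.QueryString.
function buildRedirectScript(queryString) {
  return 'window.location = "../../index.aspx?' +
    encodeForJsString(queryString) + '";';
}

// Round-trip check: the escaped form, wrapped in quotes, must parse back to the
// original text. \uXXXX escapes are valid JSON, so JSON.parse doubles as a
// strict string-literal reader here; any character that could have broken out
// of the literal would make it throw instead.
function roundTrips(original) {
  return JSON.parse('"' + encodeForJsString(original) + '"') === original;
}

// Constructed input: the querystring quoted in the answer above.
const injectedQuery = "Xx\"; alert('pwned'); window.location =\"whatever";

console.log(buildRedirectScript(injectedQuery));
// window.location = "../../index.aspx?Xx\u0022\u003b alert\u0028\u0027pwned\u0027\u0029\u003b window.location =\u0022whatever";
console.log(roundTrips(injectedQuery)); // true
```

The allow-list deliberately leaves `&`, `=` and `?` unescaped so ordinary query strings stay readable in the emitted script; a stricter profile would escape everything except letters and digits. Note that this encoder only protects the string-literal context: if the resulting URL is later written into HTML, it needs HTML encoding at that point as well, which is a different transformation, as the answer points out.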