如何修复 ASP.NET 中的“反射型 XSS(客户端)”问题?谁能帮我?
问题如下:
反射型 XSS 客户端
方法 :
行:563
Private Shared Function bindSiteMenu(TSql As String) As Data.DataTable
....
563. DRow.Item("Sortby") = dt1.Rows(i).Item("Sortby").ToString
564. dtAll.Rows.Add(DRow)
....
569. Return dtAll
方法 :
Public Shared Function FrontSiteMenuForSMap(ByVal SiteID As Long) As
Data.DataTable
....
529. Return bindSiteMenu(TSql)
方法 :
Protected Sub SiteMap(SitID As Long)
....
27. Dim dt As Data.DataTable =
SiteMenuObj.FrontSiteMenuForSMap(SitID)
....
29. SetNodes(dt, SitID, 0, 0, "")
方法 :
行:77
Protected Sub SetNodes(ByVal dtTree As Data.DataTable, ByVal SiteID As Long,ByVal ParentId As Long, ByVal Level As Integer, ByVal TreeNumber As String)
....
33. Protected Sub SetNodes(ByVal dtTree As Data.DataTable, ByVal
SiteID As Long, ByVal ParentId As Long, ByVal Level As Integer, ByVal
TreeNumber As String)
....
36. rows = dtTree.Select(filterExpr)
37. If rows.GetUpperBound(0) >= 0 Then
....
47. For Each row In rows
48. tmpParentId = row.Item("ParentId").ToString
49. tmpFDefaultLink = row.Item("FDefaultLink").ToString
50. tmpMenuTitle = row.Item("MenuTitle").ToString
51. tmpMenuID = row.Item("MenuID").ToString
52. tmpSiteID = row.Item("SiteID").ToString
53. tmpURL = row.Item("URL").ToString
....
71. Url = tmpURL
....
77. litF.Text = "<li " & css & "><a href=""" & Url
& """ title=""" & tmpMenuTitle & Title & """>" & tmpNumber & tmpCount &
"." & tmpMenuTitle & "</a><ol>"
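从上面的片段看,第 77 行把 Url 和 tmpMenuTitle 直接拼接进 litF.Text 的 HTML(href 属性、title 属性以及链接文本),所示代码中没有看到对这些值做任何编码;这些值来自 bindSiteMenu 返回的 DataTable。
感谢大家的帮助!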