长期看客,第一次发帖。我是 php 新手,希望有人能提供帮助。我使用本网站的联系表格 Tutorial Stag Contact Form Php Ajax Jquery遇到了 pci 合规问题。我想知道我需要做什么才能合规,我使用控制扫描运行代码,这是返回的内容:
Summary:
Cross-Site Scripting
Risk: High (3)
Type: Fritko
Port: 80
Protocol: TCP
Threat ID: 300004
Information From Target:
Regular expression ".{0,1}'.{0,1}">" matched contents of /contactform.php/'">.
Query Parameters
Fritko - '">
Solution:
There are built in functions for different languages that may do the encoding for you. In PHP you can use the htmlspecialchars() function In .Net you can use the Server.HtmlEncode() function.Details:
XSS is a type of computer security vulnerability typically found
in web applications which allow code injection by malicious web
users into the web pages viewed by other users. Examples of such
code include HTML code and client-side scripts.
An attacker can use this vulnerability to completely alter the
layout of a particular page for a specific user or to force the
user to launch malicious javascript.
Cross site scripting occurs when user input is not properly
encoded by the application prior to display back to the user. In
order to fix this issue, the application developers must encode
most non-alphanumeric user-supplied data into their corresponding
HTML characters before the data is displayed back to the user. For
example, " would convert to " and < would convert
to <
There are built in functions for different languages that may do
the encoding for you. In PHP you can use the htmlspecialchars()
function In .Net you can use the Server.HtmlEncode() function.
在进行大量谷歌搜索时,我迷失了应该添加的内容以解决问题。网站上的代码正是我使用的。你们能帮我解决这个问题吗?如果您访问该网站,您将能够查看完整的代码并帮助我,我将不胜感激!