Web???????????????????????
???????????? ???????[ 2014/8/28 14:15:54 ] ??????????????? Web???? ???????
????3???????????????????????
???????????????????XSS??????????????????????????????????????????????????????????????????????????????Щ??????????棬????????????<script>alert('?????????浯??????');</script>?????????????????Щ?????????????????????????????????????治?????????????????????????????????????????????????????????????????????????????????????????????????????????????Σ??????????????????????????Щ????????????
????XSS??????????????????????????? Cookie???????????????o???????????????????????????????????????????????[??????]?????????????????? JavaScript ??????????????????????????
????[1] <>?????????
????[2] "???????
????[3] '?????????
????[4] %??????????
????[5] ;??????
????[6] ()???????
????[7] &??& ?????
????[8] +??????
????????????????XSS?????????????????????HttpUtility??HtmlEncode????????????????AntiXSSLibrary???д??????????????
????????????????AntiXSSLibrary????????????????????????????????????????Web????ò???XSS??????
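/// <summary>
/// Page load handler: writes an HTML-encoded string into the <c>lblName</c> control.
/// </summary>
/// <param name="sender">Event source; not used here.</param>
/// <param name="e">Event data; not used here.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Encode before assigning: the markup characters in the string are then emitted
    // as entities, so the browser shows them as text instead of parsing a script element.
    // NOTE(review): Encoder is presumably the AntiXSS library encoder named in the
    // surrounding text; confirm the using directive that brings it into scope.
    this.lblName.Text = Encoder.HtmlEncode("<script>alert('OK');</SCRIPT>");
}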
??????????????????????????Lable?????????????????????
????????????????????????????????壬??????????????????????????????AntiXSSLibrary?????HtmlSanitizationLibrary???Sanitizer.GetSafeHtmlFragment???ɡ?
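/// <summary>
/// Handler named for the click event of <c>btnPost</c>: sanitizes the text entered in
/// <c>txtName</c> and assigns the result to <c>lblName</c>.
/// </summary>
/// <param name="sender">Event source; not used here.</param>
/// <param name="e">Event data; not used here.</param>
protected void btnPost_Click(object sender, EventArgs e)
{
    // txtName.Text is user-controlled input. GetSafeHtmlFragment is a sanitizer, not an
    // encoder: it returns HTML with the markup it considers unsafe removed, so permitted
    // markup can still reach the page.
    // NOTE(review): if this field should only ever hold plain text, Encoder.HtmlEncode is
    // the stricter choice. The safety of the output depends on the sanitizer release in
    // use, so confirm the referenced library version is current.
    this.lblName.Text = Sanitizer.GetSafeHtmlFragment(txtName.Text);
}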
???????????????????????????????????????????????????????????????????