我只允许用户带上你管或任何其他视频来源,要求他们提交他们所接收的密码的<代码>src。 然后,我将其节省到数据库中,并通过一机装上。 然而,如果有一个来源,例如src=”http://innocent.com/hackingContent.php>,那么我的网站是否容易发生Xs攻击?
I am estimating that the user may have a malicious script in that src which will load as soon as the iframe embeds the source into my own html.
EDIT What if the src contains <script type="text/javascript" src="evilScript.js"></script> . Although I am using a preg_match just to make sure that its a url only.
是的,你是脆弱的。 防止坏用户与猪肉相连接的情况如何? 或一个网站,对用户名和密码进行盘点和收集。
为什么不打上你会接受的白色视频来源清单......这些域名上了,并且对ur进行了核查。
That way people can t insert completely random urls into your content.
“清单”是你将接受的价值观清单。 例如,在您的服务器上,当用户提交导游时,你会接受任何来自用户的信息。
权利? 因此,你列出了你将接受的所有导游名单,然后确保用户的投入与你名单上的一个项目相吻合。 如果你拒绝。 (与我们相对应的是开始或像这样的东西——显然不是确切的匹配)
“黑名单”恰恰相反。 您将有一个名单,但名单是won t。
White List == List of things you allow
Black List == List of things you don t allow
No, if the iframe src is different than the domain that is invoking said iframe, you are protected from XSS attacks. This is per the Same-domain Origin Policy.
How to get a selected text inside a iframe. I my page i m having a iframe which is editable true. So how can i get the selected text in that iframe.
I would like to click a link in my page using javascript. I would like to Fire event handlers on the link without navigating. How can this be done? This has to work both in firefox and Internet ...
Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...
Is there a reliable way to access the client machine s clipboard using Javascript? I continue to run into permissions issues when attempting to do this. How does Google Docs do this? Do they use ...
I have a large javascript which I didn t write but I need to use it and I m slowely going trough it trying to figure out what does it do and how, I m using alert to print out what it does but now I ...
Is it possible for someone to give me a few pointers on how to display a multidimensional array in the form of a bar graph? The array is multidimensional, with three elements in each part - and the ...
Is it possible to reload a form after file-input change? I have a form where the user can chose an image for upload. I also have a php script which displays that image resized. I only wonder if it ...
I ve made a little forum and I want parse the date on newest posts like twitter, you know "posted 40 minutes ago ","posted 1 hour ago"... What s the best way ? Thanx.
