我们正在我们的网页上展示第3个政党的超文本,这应当正确无误地使大多数事情,包括链接和图像。 我们基本希望抗拒所有文字,即文字。
<script>...</script>
但是,事情可以产生巨大的创造性。 一个简单的事例是,在文字标签之外可以展示文字
<a href="javascript:alert( XSS )">
我们当然需要允许联系。
事实上,正如我相信你们许多人知道的那样,问题非常残酷:。
如果在用户向您网站张贴评论意见的情况下,你可以放弃所有超文本,或放弃所有超文本,但<代码><em>,<i>,<u> and <s>。 就我而言,我们需要允许所有超文本但听起来的文字,这些文字很难,但并非不寻常的要求。 是否有任何图书馆或工具支持这种高超的放任率和特别安全等级?
语言,按优先顺序排列: 425, PHP, Java, C/C++。
您可使用javascript (或j Query)在提交网页之前检查贵国的href有以下表格:http:// for any <a> tag, using regex.
您是否考虑采用PHP框架,准则识别器?
有一个安全等级,包括Xs_clean(Xs)功能,而且更能密切地满足你的需要。
rel=“nofollow” http://codeigniter.com/user_guide/libraries/security.html
AFAIK,该站点仅列出全部XSS注射。 http://us.php.net/manual/en/Function.strip-tags.php rel=“nofollow”>strip_tags 不会零敲碎打(多点)注射,我认为这种注射更是偷窃。 您能做的最好事是把你的特性编码成像:PHP scode>htmlentities,然后将其展示到一页。 但是,这将防止超文本出现。
你可以做替代标记,例如论坛如何做(有<条码>[编码][/编码]。 还考虑使用Markdown, 这里使用的同一编辑在StackOverflow,如果你只需要文本格式,便易于使用。
我只想说你能够找到的最有力的特别安全局预防办法。 总的来说,最佳办法是把你想要允许的白色要素和属性(和价值观)列入清单,而不是把你们不喜欢的东西列入黑名单。
我只能在上提供一种基于PHP的解决办法,除了安全外,这种解决办法还有助于确保你的标记有效(供用户提交超文本)。
I see you ve found http://ha.ckers.org/ - I also suggest using OWASP (Open Web Application Security Project) as a resource.
I am trying to create a search text-field like on the Apple website. The HTML looks like this: <div class="frm-search"> <div> <input class="btn" type="image" src="http://www....
I have a div <div id="masterdiv"> which has several child <div>s. Example: <div id="masterdiv"> <div id="childdiv1" /> <div id="childdiv2" /> <div id="...
I m writing a php script to crop an image. The script overwrites the old image with the new one, but when I reload the page (which is supposed to pickup the new image) I still see the old one. ...
<form><input type="file" name="first" onchange="jsFunction(2);"> <input type="file" name="second" onchange="jsFunction(3);"</form> Possible to pass just numbers to the js ...
So I ve got a menu with a hover/selected state and it loads fine in IE6/IE7. However when I scroll down the page and put the element outside of the viewport and then back in I get a broken image! I ...
I am building some basic HTML code for a CMS. One of the page-related options in the CMS is "background image" and "stretch page width / height to background image width / height." so that with large ...
Is it possible to reload a form after file-input change? I have a form where the user can chose an image for upload. I also have a php script which displays that image resized. I only wonder if it ...
I d like to add a simple separator line in an aspx web form. Does anyone know how? It sounds easy enough, but still I can t manage to find how to do it.. 10x!