Measures to prevent XSS vulnerability (like Twitter's one a few days before)

离开以前 2021-02-09 14:37

Even famous sites like Twitter are suffering from XSS vulnerabilities. What should we do to prevent this kind of attack?

3 answers
  •  栀梦 (original poster)
    2021-02-09 15:39

    I don't know what you write your code with, but if you use ASP.NET, you are partly covered. ASP.NET has what they call request validation that, when enabled, prevents malicious script from being introduced via user input.

    But sometimes, you'll have to allow some kind of text editor like the one you typed in this question. In this case, you'll have to partly disable request validation to allow some "rich text" html to be input by the end user. In this case you will have to build some kind of white list filtering mechanism.

    FYI, I don't know about others, but Microsoft has a library called Anti-Xss.
