Question
I am using various 3rd-party libs like cordova.js, jQuery, jQuery Mobile, Mobilizer and so on in an Android mobile app. These libs are found to have various XSS vectors through insecure use of eval, setTimeout, innerHTML/outerHTML and so on.
Is there any way by which I could cover/fix these security holes and still use these libs in my app securely?
Answer 1:
These vulnerabilities should be reported to the vendor, and you should use their patch.
Exploiting DOM-based XSS on Android is possible; however, the attack vectors are more limited because usually an attacker cannot exploit one of these vulnerabilities using a simple GET or POST request.
Source: https://stackoverflow.com/questions/15337268/how-to-secure-app-against-xss-vectors-present-in-3rd-party-js-libs