Cross-site scripting related query | Web application security
I have read that we can filter meta characters and all that. I know all about that. In that tutorial it was written like this.
People who attack a site with a script, its basic format is like this.
<script>alert("Hi")</script>
So the special characters which are used are shown below.
< > ( ) " /
So in that tutorial it’s written like this: you can convert this character as per your input.
Like
< = &bc
< = &mb
and so on. Then how to convert these special characters like this? What should I have to write in code?
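An added example, not part of the original question or the tutorial it mentions: one way to do the conversion asked about is to HTML-encode user input at the point where it is written into the page. The names `escapeHtml` and `renderComment` and the entity table are assumptions chosen for illustration.

```javascript
// Added example (hypothetical helper names): HTML output encoding for the
// characters listed in the question, plus '&' and the single quote.

// '&' must be in the table: without it, input that already contains
// "&lt;" would pass through unchanged and be decoded by the browser.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
  '(': '&#40;',
  ')': '&#41;',
};

function escapeHtml(value) {
  // String() makes numbers, null and undefined safe to pass in.
  // A single regex pass means entities produced here are never re-encoded.
  return String(value).replace(/[&<>"'\/()]/g, (ch) => HTML_ENTITIES[ch]);
}

// Encode at output time, right where untrusted data meets markup.
function renderComment(userInput) {
  return '<p class="comment">' + escapeHtml(userInput) + '</p>';
}

// Constructed sample input: the string shown in the question.
const sample = '<script>alert("Hi")</script>';
console.log(escapeHtml(sample));
console.log(renderComment(sample));
```

This encoding is correct for HTML element content and quoted attribute values; data placed inside a `<script>` block, a URL, or a CSS value needs the encoder for that context instead.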
Comments (1)
What you are asking for can be accomplished by using the string.fromCharCode() function. The above statement can be written as follows and it works for few basic filters.