Web????????XSS
???????????? ???????[ 2014/3/10 15:48:50 ] ????????XSS Web???? ??? JavaScript
????XSS ???(Cross Site Scripting) ???????????? ??Web?????г?????????????????????????????????(????JavaScript)?? ?????????????????????????????????????У????????????????. ???????????Cookie?????????????????Я???????
??????????????????????XSS???????????????????????? ??????Ч????XSS???????
????XSS ????η???????
Take the following textbox:
<input type="text" name="address1" value="value1from">
value1from is the value supplied by the user. If the user enters "/><script>alert(document.cookie)</script><!- instead of value1from, the markup becomes:
<input type="text" name="address1" value=""/><script>alert(document.cookie)</script><!- ">
The embedded JavaScript is then executed.
Or, if the user enters "onfocus="alert(document.cookie) the markup becomes:
<input type="text" name="address1" value="" onfocus="alert(document.cookie)">
The embedded JavaScript is executed when the event fires.
??????????????????????????????????????
??????????????????????????QueryString(????URL??)??Cookie???????????. ???????
HTML Encode
????XSS?????????? ???????????????????????? ????????????????????????????HTML Encode????? ?????е?"??????"?? “??????”??“????” ??????????????б???
In C#, call HttpUtility.HtmlEncode("string <script>") (this requires a reference to System.Web).
Fiddler provides a tool for this as well: the "TextWizard" button on the Toolbar.
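As an added example (not part of the original article), the two inputs shown above are rendered into the address1 textbox with and without HTML encoding, then parsed to see which tags and attributes result. Python's html.escape stands in here for the HttpUtility.HtmlEncode call the page names, and the helper names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser

# The two user inputs shown on the page for the address1 textbox.
PAYLOADS = [
    '"/><script>alert(document.cookie)</script><!-',
    '"onfocus="alert(document.cookie)',
]

def render_unsafe(value):
    """Vulnerable form: user input is concatenated into the attribute as-is."""
    return '<input type="text" name="address1" value="' + value + '">'

def render_encoded(value):
    """Fixed form: & < > " ' are HTML-encoded before insertion.
    html.escape is an assumed stand-in for HttpUtility.HtmlEncode."""
    return ('<input type="text" name="address1" value="'
            + escape(value, quote=True) + '">')

class TagAudit(HTMLParser):
    """Records every start tag and its attributes as the parser sees them."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def audit(markup):
    """Return the list of (tag, attributes) found in the rendered markup."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags

def is_injected(markup):
    """True if the markup yields a script element or an on* event handler."""
    for tag, attrs in audit(markup):
        if tag == "script" or any(name.startswith("on") for name in attrs):
            return True
    return False

if __name__ == "__main__":
    for payload in PAYLOADS:
        for render in (render_unsafe, render_encoded):
            html_out = render(payload)
            print(render.__name__, is_injected(html_out), html_out)
```

In the encoded output the parser sees a single input element whose value attribute decodes back to exactly what the user typed, so the data is preserved but never becomes markup.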