是否有一个javascript库可用于过滤掉XSS攻击的字符串？ [英] Is there a javascript library which can be used to filter out strings for XSS attacks?

问题描述

是否存在类似于HTMLPurifier等库的Javascript，它会从字符串中删除XSS代码？

Is there a Javascript equivalent of libraries like HTMLPurifier, which remove XSS code from strings?

推荐答案

一般来说，由时间Javascript代码正在运行，保护自己免受XSS攻击已经太晚了。您需要在服务器而不是客户端防止它。

Generally speaking, by the time Javascript code is running, it's too late to protect yourself against an XSS attack. You need to protect against it at the server, not the client.

这篇关于是否有一个javascript库可用于过滤掉XSS攻击的字符串？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！