XSS -Cross Site Scripting - 经典ASP [英] XSS -Cross Site Scripting - Classic ASP

问题描述

大家好，



能告诉我如何避免隐藏字段中的脚本标签。通过POST方法加载页面时，会在页面中插入一些恶意代码，页面中会显示以下语句。



< input type ='隐藏'id-Hid1value =One/>< script>提醒（hi）;< / script>



请让我知道如何避免黑客攻击（发布请求）......





谢谢，

Manowj。

Hi Everyone,

Could you please let me know how to avoid Script tags in the hidden fields. While loading the page through "POST" Method, some malcious code is inserted into the page and the statement below is displayed in the page.

<input type='Hidden' id-"Hid1" value ="One" /><script>alert("hi");</script>

Please let me know how to avoid Hacking(Post Request)...


Thanks,
Manowj.

推荐答案

查看这篇文章

SQL注入和跨站点脚本 [ ^ ]



如果可能，将项目迁移到ASP.NET，它将节省很多令人头疼。



在经典ASP中你可以使用 Server.HTMLEncode [ ^ ]



搜索google了解更多信息，但请使用ASP.NET。

Check this article
SQL Injection and Cross-Site Scripting[^]

If possible migrate your project to ASP.NET, it'll save lot of headaches.

In Classic ASP you could use Server.HTMLEncode[^]

Search google for more but go with ASP.NET.

这篇关于XSS -Cross Site Scripting - 经典ASP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！