Preventing cross site scripting


Problem description

Hi all,

Can anyone give me samples for creating a cross site scripting attack on a web-page, and also for techniques that can be used to prevent such attacks?

As I am a Web Developer I wanted to know about XSS.

Regards,
S Inayat Basha

Recommended answer

Your basic mistake here was to ask us for an example of script to perform an attack. We get script kiddies asking us to show them how to attack sites and programs all the time, and we don't do it, for obvious reasons. As others have pointed out, Google still works, and so there's no reason why you couldn't find sites like yourself.

The basic way to protect your site is to never assume that your client side script has run. If you validate an input on the client, validate it on the server, too. Tools like firebug allow you to view a page, change it in the browser, then post whatever data you want back to the server.
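
The point about repeating client-side validation on the server, as an added example that is not part of the original answer. It also encodes the stored text when it is written into HTML, which goes one step beyond what the answer states. The field names, limits and the `renderComment` helper are hypothetical.

```javascript
// Added example: server-side re-validation plus output encoding.
// Field names and limits are hypothetical, chosen for illustration.
const RULES = {
  // Same rules the browser-side script would enforce; the server repeats them
  // because a posted request can be edited after the client checks ran.
  username: { pattern: /^[A-Za-z0-9_]{3,20}$/, required: true },
  age: { pattern: /^(?:[1-9][0-9]?|1[01][0-9])$/, required: true }, // 1..119
  comment: { maxLength: 200, required: false },
};

function validateOnServer(form) {
  const errors = [];
  // Reject fields the form never had (added by editing the request).
  for (const key of Object.keys(form)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) errors.push(`unexpected field: ${key}`);
  }
  for (const [name, rule] of Object.entries(RULES)) {
    const value = form[name];
    if (value === undefined || value === '') {
      if (rule.required) errors.push(`${name}: missing`);
      continue;
    }
    if (typeof value !== 'string') { errors.push(`${name}: not a string`); continue; }
    if (rule.pattern && !rule.pattern.test(value)) errors.push(`${name}: bad format`);
    if (rule.maxLength && value.length > rule.maxLength) errors.push(`${name}: too long`);
  }
  return { ok: errors.length === 0, errors };
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderComment(form) {
  const result = validateOnServer(form);
  if (!result.ok) return { status: 400, body: result.errors.join('; ') };
  const body = `<p><b>${escapeHtml(form.username)}</b>: ${escapeHtml(form.comment || '')}</p>`;
  return { status: 200, body };
}

// Constructed sample requests: one edited after the client checks, one normal.
console.log(renderComment({ username: 'bob<b>', age: '-5', comment: 'hi' }));
console.log(renderComment({ username: 'alice_01', age: '34', comment: '<b>bold</b> & "quotes"' }));
```

The free-text comment is accepted as typed and made inert at output time, while the structured fields are rejected outright when they do not match their format.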


OK.. I was reading an article on defensive programming in both SQL and since the work I do involves building a large amount of Classic ASP code as well, I was considering that on the front-end too..

but basically it's got to do with your database, if you write enhanced and defensive queries, it's very much protected against so many attacks.. like SQL injections and cross-site script attacks..

the link below gives an insight into it, very helpful on that:

http://www.simple-talk.com/sql/t-sql-programming/basic-defensive-database-programming-techniques/


I am providing you with a link to Google Code labs.
This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks.

Cross Site Scripting is part of the tutorial and is explained quite well. They have also provided a web application that allows its users to publish snippets of text and store assorted files so that you can do live experiments and thus learn better.

Here is the link: Web Application Exploits and Defenses.

Spend some time reading the article and I am sure it will help you understand the topic well. :thumbsup:

