保护JQuery代码免受XSS侵害 [英] Protect JQuery code against XSS

问题描述

我正在处理将数据发布到URL的HTML表单.我还使用Jquery获取查询字符串参数，并将它们添加到我发布到URL的数据中.有什么方法可以防止XSS攻击吗?有HTML编码插件或内置函数吗?

I am working on an HTML form that posts the data to a URL. I am also using Jquery to get query string parameters and add them to the data I post to the URL. Is there any way to protect against XSS attacks? Any HTML encoding plugins or built-in functions?

推荐答案

您无法从XSS保护jQuery. XSS漏洞发生在您的服务器软件中.请查看 Exploit_scenarios ，以更好地了解XSS的工作原理.

You can't protect jQuery from XSS. XSS vulnerability occur in your server software. Take look at Exploit_scenarios for a better understanding how XSS works.

一个输出由用户生成的数据的网站如果输出未经过滤的用户生成内容，则可能存在XSS漏洞，因为这样用户可以使用恶意代码创建<script/>标签.但是您需要先在服务器上对其进行过滤，然后再发送到客户端(浏览器).

A website that outputs data that is user generated has possible XSS vulnerability if it outputs the user generated content unfiltered, because then the user can create a <script/> tag with malicious code. But you need to filter this on the server before sending to the client (browser).

这篇关于保护JQuery代码免受XSS侵害的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！