JSP XSS攻击

jsp如何修复xss攻击

小新
540
2020-12-21 17:11:22
栏目: 编程语言

jsp如何修复xss攻击

jsp修复xss攻击的方法:

jsp页面接收参数时,对参数进行过滤处理,例如:

1.请求链接:

http://a.b.com/login.jsp?successUrl=<script>alert(111)</script>

2.参数过滤:

String successUrl =request.getParameter("successUrl");  

if(StringUtil.isNotNull(successUrl)){  

    successUrl = successUrl.replaceAll("<","")//匹配尖括号  

                           .replaceAll(">","")//匹配尖括号  

                           .replaceAll("\"","")//匹配双引号  

                           .replaceAll("\'","")//匹配单引号  

                           .replaceAll("\\(.*?\\)","")//匹配左右括号  

                           .replaceAll("[+]","");//匹配加号  

}

3.jsp页面中使用参数如下:

<input type="hidden" name="hidden" id="_hidden" value="<%=successUrl%>" />

0
看了该问题的人还看了