Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

网络安全之 XSS #42

Open
ronghaoZHI opened this issue Jun 1, 2020 · 0 comments
Open

网络安全之 XSS #42

ronghaoZHI opened this issue Jun 1, 2020 · 0 comments

Comments

@ronghaoZHI
Copy link
Owner

ronghaoZHI commented Jun 1, 2020
edited

XSS

croos-site script 脚本注入攻击

XSS 注入方式

  1. 存储型

  2. 反射型

  3. 基于DOM 型

XSS 防范

  1. 对 </> sql 等特殊字符进行转义

  2. HttpOnly 属性

  3. CSP 设置
@ronghaoZHI ronghaoZHI added the todo label Jun 1, 2020
@ronghaoZHI ronghaoZHI removed the todo label Jun 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ronghaoZHI