Cross-Site Scripting是一种较为普遍的HACK攻击方式,曾经遭受Cross-Site Scripting攻击的知名网站众多.现今Ajax技术大兴,应用日趋广泛,Client 端Script 扮演的角色越来越重要,也就不可避免的提升了 Cross-Site Scripting 攻击方式的几率。
Microsoft Anti-Cross Site Scripting Library 是 Microsoft 提供的一个免费的网站防骇类库, 其主要的功能是将所有认为不合法的提交内容进行编码转义, 从而提升网站的安全等级, 降低网站受到Cross Site Scripting 式的攻击的风险。
XSS Libray 包含如下的方法:
Encoding Method | Description |
HtmlEncode | Encodes input strings for use in HTML |
HtmlAttributeEncode | Encodes input strings for use in HTML attributes |
JavaScriptEncode | Encodes input strings for use in JavaScript |
UrlEncode | Encodes input strings for use in Universal Resource Locators (URLs) |
VisualBasicScriptEncode | Encodes input strings for use in Visual Basic Script |
XmlEncode | Encodes input strings for use in XML |
XmlAttributeEncode | Encodes input strings for use in XML attributes |
具体的使用方法及示例,请参考MSDN: http://msdn.microsoft.com/en-us/library/aa973813.aspx
分享到:
相关推荐
4/159 Syngress - Xss Attacks - Cross Site Scripting Exploits And Defense
Cross-site Scripting
XSS 跨站脚本攻击 的防御解决方案 跨站脚本攻击(Cross Site Scripting),为不和层叠样式表(Cascading Style Sheets,CSS)的缩写混淆,故将跨站脚本攻击缩写为XSS。
AE脚本设计参考手册(After-Effects-CS6-Scripting-Guide)
Complete Cross-site Scripting Walkthrough
Cross Site Scripting
photoshop-cc-scripting-guide-2015学习教程
跨站脚本攻击(Cross-Site Scripting,XSS)是一种常见的网络安全漏洞,攻击者通过注入恶意脚本代码到网页中,然后使用户在浏览器中执行这些恶意脚本,从而窃取用户的信息、会话令牌或者执行其他恶意操作。...
the HFSS Scripting Interface. This tool provides a set of MATLAB functions to create 3D objects in HFSS by generating the required HFSS Scripts. Basically, anything that can be done in HFSS user ...
cross_site_scripting.pdf
xss被称为跨站脚本攻击就是(cross-site scripting),由于和CSS重名,所以被称为xss。
ug894-vivado-tcl-scripting.pdfug894-vivado-tcl-scripting.pdfug894-vivado-tcl-scripting.pdfug894-vivado-tcl-scripting.pdf
目前较好的一本介绍跨站脚本攻击(XSS)的书 <br>Cross Site Scripting Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web ...
英文版 10 Quick Facts About XSS Viruses and Worms" 5 An Overview of Cross-Site Scripting (XSS)" 6 Non-Persistent" 6 Persistent" 9 How They Do It: Methods of Propagation" 10
1.跨站脚本攻击(Cross Site Scripting),为了不和层叠样式表(Cascading Style Sheets, 1.反射型 XSS,相对来说,
游戏脚本设计完全掌握-Game.Scripting.Mastery.part2.rar
《AE脚本设计参考手册V1.0.0》+《After-Effects-CS6-Scripting-Guide》
游戏脚本设计完全掌握-Game.Scripting.Mastery part1 of 2
2.1. 调用一个脚本 2.2. 初步的练习 第二部分. 基本 3. 特殊字符 4. 变量和参数的介绍 4.1. 变量替换 4.2. 变量赋值 4.3. Bash 变量是不分类型的 4.4. 特殊的变量类型 5. 引用(翻译的可能有问题,特指引号) 5.1. 引用...
linux-shell-scripting-fundamentals-bash.epub