Glad that the nodeclub maintainers accepted my suggestion and successfully blocked the XSS attack
Posted 2 years ago by j4cnodejs, 1237 views

## Glad that the nodeclub maintainers accepted my suggestion and fixed the XSS vulnerability, successfully blocking the XSS attack!

## And without breaking safe HTML tags

You can take a look at the experimental post I made earlier: "About XSS and CSRF on the cnodejs official site => my solution!". Before the maintainers fixed the bug, the [@snoopy](/user/snoopy) link in that post was escaped and displayed as source code; now that link also renders normally. Before the fix, the "portal" link quoted from [@snoopy](/user/snoopy)'s original post (actually XSS attack code) could be clicked and would trigger an XSS attack; now it has been safely filtered and turned into a harmless link address!

As an open-source community, we should thank [@snoopy](/user/snoopy) for discovering the XSS vulnerability and disclosing the attack method, also thank [@leizongmin](/user/leizongmin) for the creative and enthusiastic XSS attack testing, and above all thank the core maintainers such as [@suqian](/user/suqian) for adopting the suggestion and fixing the XSS bug!
