开发者

How do I know if my AJAX request is vulnerable to XSS?

问答 作者:

A security firm surprise audited a web app I work on, and told me that there are XSS vulnerabilities. I don't really know where to begin.

This is the AJAX:

new Form.Observer('filter', 0.5, function(element, value) 
{
    startLoad('proposals');; 
    new Ajax.Updater('proposals', 'http://acme.example.dev/stuff/filter', 
        {
            asynchronous:true, evalScripts:tru开发者_如何学Ce, onComplete:function(request)
                {
                }, parameters:value + '&authenticity_token=' + encodeURIComponent('base64StringHere')
        })
});

It's hard to say for sure how to track down the vulnerability, since it's not clear what user input your page is displaying. Since you're using RoR, the best place to start is probably the XSS section of the RoR security guide.

You could also try running a scanner like skipfish. It will try to automatically detect XSS and other security vulnerabilities, and if it finds them it will give you some details and documentation to help fix the problem.

继续阅读:ruby-on-railssecurityxss

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9