开发者

Approach XSS prevention on Html page using javascript

How to escape textbox contents of form using javascript(not jsp page) to avoid xss.It must b开发者_运维技巧e redered properly on page while submitting form.


Insert the text into the document using document.appendChild, document.createTextNode and friends instead of a property (such as innerHTML) that accepts raw HTML.


"Insert the text into the document using document.appendChild, document.createTextNode and friends instead of a property (such as innerHTML) that accepts raw HTML."

as Quentin says, or, using an existing textbox, use the value property:

textObject.value="value"
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜