ASP prevents outbound, Cross-domain submissions

<%
From_url=request.servervariables ("Http_referer")
Serv_url=request.servervariables ("Http_host")

If InStr (From_url,serv_url) <>0 and InStr (From_url, "reg.asp") <>0 Then
Response.Write "Right!"
Else
Response.Write "Illegal Submission!"
End If
%>


You wrote it.
<%
if Mid (From_url,8,len (serv_url)) <>serv_url or InStr (From_url, "reg.asp") =0 Then
Response.Write "<script>alert ('Parameter Commit Error! Please do not modify the link! '); this.location.href= ' index.asp ';</script> '
Response.End
End If
%>

Look at the red part.
I wrote that judgment condition.
1. InStr (From_url,serv_url) <>0 judge whether the same domain name, when the domain name is the same, returntrue
2. InStr (From_url, "reg.asp") <>0 judge whether to submit from reg.asp, when it is submitted from reg.asp, returntrue
When 1 and 2areTrue and True=true when set upSubmit is correct, otherwise it's illegal to commit.


The judgment you wrote.
1. Mid (From_url,8,len (serv_url)) <>serv_ur judge whether the same domain name, is the same domain name, returnsfalse
2. InStr (From_url, "reg.asp") =0 judged whether to submit from Reg.asp, was submitted from reg.asp, returnedfalse
When 1 was establishedorWhen 2 was established,
True or False=true
False or True=true
is to showIncorrect submission
The correct commit is only if 1 is false and 2 is false



So, you write the code is not wrong, logically the same principle, but your code is illegally submitted when return true, my code is the correct submission of the time return True

And that's when it's illegal to commit. Returns True
If not (InStr (From_url,serv_url) <>0 and InStr (From_url, "reg.asp") <>0) Then
Response.Write "Illegal Submission!"
End If

At first it is not clear whether the landlord needs to be in the correct submission of the time also to execute the code, so write my original kind, if only need to judge the illegal submission only need to execute code, with the code you write is OK, with or