Preventing off-site (cross-domain) form submissions in ASP

Source: Internet
Author: User

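<%
' Referer header sent by the browser, and the host name this request was addressed to
From_url = Request.ServerVariables("HTTP_REFERER")
Serv_url = Request.ServerVariables("HTTP_HOST")

' Accept only when the referer contains this host and reg.asp
If InStr(From_url, Serv_url) <> 0 And InStr(From_url, "reg.asp") <> 0 Then
    Response.Write "Right!"
Else
    Response.Write "Illegal Submission!"
End If
%>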


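The code you wrote:
<%
' Same two values as in the first snippet
From_url = Request.ServerVariables("HTTP_REFERER")
Serv_url = Request.ServerVariables("HTTP_HOST")

' Position 8 is the first character after "http://"
If Mid(From_url, 8, Len(Serv_url)) <> Serv_url Or InStr(From_url, "reg.asp") = 0 Then
    Response.Write "<script>alert('Parameter Commit Error! Please do not modify the link!'); this.location.href='index.asp';</script>"
    Response.End
End If
%>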

Look at the red part.
This is the condition I wrote:
1. InStr(From_url, Serv_url) <> 0 checks whether the domain name is the same; when it is the same, it returns True.
2. InStr(From_url, "reg.asp") <> 0 checks whether the submission came from reg.asp; when it did, it returns True.
When 1 and 2 are both True (True And True = True), the submission is correct; otherwise it is an illegal submission.


The condition you wrote:
1. Mid(From_url, 8, Len(Serv_url)) <> Serv_url checks whether the domain name is the same; when it is the same, it returns False.
2. InStr(From_url, "reg.asp") = 0 checks whether the submission came from reg.asp; when it did, it returns False.
When 1 holds or 2 holds,
True Or False = True
False Or True = True
the submission is reported as incorrect.
The submission is correct only if 1 is False and 2 is False.



So the code you wrote is not wrong; the logic is the same in principle. Your code returns True when the submission is illegal, and my code returns True when the submission is correct.

And this version returns True when the submission is illegal:
If Not (InStr(From_url, Serv_url) <> 0 And InStr(From_url, "reg.asp") <> 0) Then
    Response.Write "Illegal Submission!"
End If

At first it was not clear whether the original poster also needs to execute code when the submission is correct, so I wrote it the way I did originally. If code only needs to run when the submission is illegal, the code you wrote is fine, using Or.
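
The checks in this thread match the host with InStr, which accepts any Referer that merely contains the host name somewhere in the string. As an added example (not code from the thread), the hypothetical function IsSubmissionFrom below compares the Referer's host and path exactly and prints its result next to the InStr test; the host www.site.example, the path /reg.asp at the site root and the sample Referer values are constructed assumptions.

```asp
<%
' Added example, not from the thread. IsSubmissionFrom is a hypothetical helper.
' True only if referer is an absolute http(s) URL whose host[:port] equals
' host and whose path equals pagePath (both compared case-insensitively).
Function IsSubmissionFrom(referer, host, pagePath)
    Dim p, scheme, rest, cut, slash
    IsSubmissionFrom = False
    p = InStr(referer, "://")
    If p = 0 Then Exit Function                ' empty or not an absolute URL
    scheme = LCase(Left(referer, p - 1))
    If scheme <> "http" And scheme <> "https" Then Exit Function
    rest = Mid(referer, p + 3)
    cut = InStr(rest, "?")                     ' drop the query string
    If cut > 0 Then rest = Left(rest, cut - 1)
    cut = InStr(rest, "#")                     ' drop the fragment
    If cut > 0 Then rest = Left(rest, cut - 1)
    slash = InStr(rest, "/")                   ' end of host[:port]
    If slash = 0 Then Exit Function            ' no path, so not pagePath
    If InStr(Left(rest, slash - 1), "@") > 0 Then Exit Function  ' user@host form
    IsSubmissionFrom = (StrComp(Left(rest, slash - 1), host, vbTextCompare) = 0) _
        And (StrComp(Mid(rest, slash), pagePath, vbTextCompare) = 0)
End Function

' Constructed sample values; in a real page use
' Request.ServerVariables("HTTP_REFERER") and Request.ServerVariables("HTTP_HOST").
Dim host, samples, r
host = "www.site.example"
samples = Array( _
    "http://www.site.example/reg.asp", _
    "http://other.example/reg.asp?from=www.site.example", _
    "http://www.site.example.other.example/reg.asp", _
    "")

' Print the thread's InStr test next to the strict comparison for each value
For Each r In samples
    Response.Write Server.HTMLEncode(r) & " | InStr check: " & _
        (InStr(r, host) <> 0 And InStr(r, "reg.asp") <> 0) & _
        " | strict check: " & IsSubmissionFrom(r, host, "/reg.asp") & "<br>"
Next
%>
```

The Referer header is supplied by the client and may be missing, so this check complements a per-session form token rather than replacing one.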
