XSS cross-site scripting Solution

If you enter some content in the user form ,...... In particular, there are many form items with no fixed format, such as addresses and articles ...... In this case, you can enter JS code to execute
 
Step 1: In the design scheme, try to check the format and limit the length of the input item. Server-side detection is required and cannot rely on client detection. Limit the length of fields in database design ......
 
HTML transcoding is required when the page is output, such as the output address content.
 
<Td> <% = convert.html (cus. getAddress () %> </td>
 
 
 
Public static String html (String content ){
 
If (content = null) return "";
 
String html = content;
 

 
Html = html. replaceAll ("&", "& amp;"); // www.2cto.com replace & No.
 
Html = html. replace ("\" "," & quot; "); //" replace double quotation marks
 
Html = html. replace ("\ t", "& nbsp;"); // replace the hop Cell
 
Html = html. replace ("", "& nbsp;"); // replace Spaces
 
Html = html. replace ("<", "& lt ;");
 
Html = html. replaceAll (">", "& gt ;");
 
Return html;
 
}
 


Some users perform HTML encoding when receiving the database. If the output carrier is an HTML page, they must transcode it when receiving the database ....... For user controls, HTML transcoding is not performed.
 
What is really troublesome is that in some cases we need to allow users to input HTML and filter scripts. Tidy and other HTML cleanup libraries can help ...... This article does not discuss this situation ......
 
Step 2: Detection
 
This module detects the page when the user input content is displayed and displays the content according to the list listed above.
 
Step 3: detection result record table
 
Step 4: Perform Repair Based on the detection results and record the repair results on the record table.
 
Step 5: Review the review results on the record table

From the attilax Column