This article is a translated version of the XSS defense checklist https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
Introduction
This article describes a simple positive model that properly uses output encoding or escaping to defend against XSS attacks. Despite the huge number of XSS attacks, following some simple rules can completely prevent this kind of serious attack. This article does not discuss the commercial and technical impact
node. js file read/write, convert sheet Atlas data to keel animation Atlas data
var fs = require("fs")
var readline = require("readline");
var rl = readline.createInterface({
input:process.stdin,
output:process.stdout
});
var path = undefined;
var dbName = undefined;
rl.question("请输入文件名",function(answer){
path
custom implementation.
Escape misunderstanding: Output is not absolutely safe just because it has been escaped. For example: 1. The following code can be executed when the Content-type is an XHTML document. 2. In the following code, the escaping is lost, and the interface can be made to draw any DOM
Common security methods: It is generally assumed that innerText does not execute code and can be used instead of innerHTML to mitigate XSS attacks, but this also depends on the tag, and the following example can execute code
Dom b
Swift's some quick look-up tables, reproduced, but paste the code when the line is a problem, this How to solve? Do not like the format can see the original: http://codeinswift.com/swift-cheat-sheet/ Basicsprintln ("Hello, World") var myvariable =//variable (can ' t is nil) letπ= 3.1415926//constant Let (x, y) = (10, 20) x = ten, y = explicitdouble:double = 1_000.000_1//1,000.0001 Let label = "some text"
ArticleDirectory
Preface
Body
How far have we been
Enter webmatrix 2
Node. js smart sensing
Support for Jade and ejs
Best less editor on the planet
Coffeescript Editor
Mobile Simulator
Expansion and Open Source
Participate
Original
Attachment (English-Chinese)
Preface
Now, node.
forum: var sheet = document.createStyleSheet(); sheet.addRule('body', 'background-color:red'); Success, but very troublesome, to take the string apart, a long write dead, tired like a dog. Keep searching, find the code on a blog that doesn't know what language the country is in: document.createStyleSheet("javascript:'body{background-color:blue;'"); Success, this person is really bad, but the problem comes out, the URL maximum 255 characters, a li
Express is a simple and flexible node. jsWeb application development framework, which provides a series of powerful features to help you create a variety of Web and mobile device applications. This article introduces the nodejs express tutorials, if you are interested, Express is a simple and flexible node. the js Web application development framework provides a
JS Traversal sub-node idea element
The element attribute method of Js node idea
Remove all child nodes before adding child nodes
var usernameEle = document.getElementById("username"); var childs = usernameEle.childNodes; for (var i = childs.length - 1; i >= 0; i--) { usernameEle.removeChild(childs[i]); } var username = docu
JS node element attribute methods
// Delete all child nodes before adding child nodes
var usernameEle = document.getElementById("username");
var childs = usernameEle.childNodes;
for (var i = childs.length - 1; i >= 0; i--) {
  usernameEle.removeChild(childs[i]);
}
// The user name is inserted as a text node, so it is not parsed as markup
var username = document.createTextNode(obj.username);
usernameEle.appendChild(username);
Property: nextSibling Returns the next sibling
In the daily work will often use to convert some Excel form files into Json,xml,js and other formats, the following is the NPM I used in everyday.1, Node-xlsx:NODE-XLSX can convert Excel files to the above mentioned several file formats, the common way to see GitHub source code and examples: node-xlsxReferencing directly in the action filevar xlsx = require ("
node_xj = require("xls-to-json");
node_xj({
  input: "test.xls",      // input xls
  output: "output.json"   // output json
  //sheet: "sheet1",      // specific sheetname
}, function(err, result) {
  if (err) {
    console.error(err);
  } else {
    console.log(result);
  }
});
This is the code of the above website that is directly pasted. Then, when the sheet error occurs, I directly comment it out.
Put test.xls in the sa
The company uses Bugzilla to manage product bugs. Recently I made a thing with Node.js so that the relevant information of a bug can conveniently be imported into an Excel table, so as to follow the management analysis. Paste the code directly, write the comments. Reprint please indicate the source. var request = require("request"); var cheerio = require("cheerio"); var Excel = require('exceljs'); var
become performance and bad. These are called evil regexes:
Grouping with repetition
Repetition inside the repeated group
([a-zA-Z]+)*, (a+)+ and (a|a?)+ are all fragile when faced with input such as aaaaaaaaaaaaaaaaaaaaaaaa!. Such input can cause a lot of computation. For more details, refer to ReDoS.
You can use the Node.js tool safe-regex to check your regular expressions:
$ node safe.js '(beep|boop)*'
true
$ node safe.js '(a+){10}'
false
Error handling
encryption is also very simple and easy, it is the ordinary hash with a salt value added. Return to the theme, found that this module can also generate a random number, so, hee,
/**
 * Gets a random 10-digit number
 */
exports.validcode = function (callback) {
  // buf is a Buffer holding 10 random bytes
  crypto.randomBytes(10, function (ex, buf) {
    if (ex) throw ex;
    callback(buf);
  });
};
Carefully looked at, all is the bug, the road is still very long ah, next completes the login, then is consummates this several modules, the log, the encry
Image sites are often numerous ads, using node. js to write a crawler download pictures, code is not long, save a lot more, than a manual a sheet of storage is the difference between heaven and land.The following code is a download from the mtl.ttsqgs.com image of the program, the image address is to see the source of the Web site, a total of how many can be foun