修复dom型xss漏洞的方式有以下几种(以下均为服务端措施;DOM型XSS的根源在浏览器端脚本,前端代码同样需要避免把不可信数据直接写入innerHTML、document.write等位置):
使用@InitBinder方法
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
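/**
 * Base controller that installs an HTML-escaping editor for {@code String} values
 * handled by the {@link WebDataBinder} of this controller.
 *
 * <p>Security note: this escapes on input, so handlers receive and store already
 * escaped text (for example {@code &lt;} instead of {@code <}). HTML entity escaping
 * only protects values later written into HTML element content or quoted attributes;
 * values written into script, URL or CSS contexts still need context-specific output
 * encoding. DOM-based XSS that is caused purely by client-side script never reaches
 * this code and has to be fixed in the front-end code.
 *
 * <p>NOTE(review): data that does not pass through the binder (for example a JSON
 * body read via {@code @RequestBody}) is presumably not covered; confirm for the
 * endpoints in scope.
 */
@Controller
public class BaseController {

    /**
     * Registers {@code StringEditor} as the custom editor for {@code String.class}.
     *
     * @param binder the data binder supplied by Spring for the current binding
     */
    @InitBinder
    public void webInitBinder(WebDataBinder binder) {
        // A fresh editor per binder: property editors keep the current value as state.
        binder.registerCustomEditor(String.class, new StringEditor());
    }
}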
/**
 * Property editor that HTML-escapes incoming text before storing it as the editor value.
 *
 * <p>Security note: the escaped form is what the application receives and persists.
 * Rendering that value through a template that escapes again produces double-encoded
 * output, and HTML entity escaping does not make a value safe for script, URL or CSS
 * contexts. Output encoding at the point of rendering is still required.
 */
public class StringEditor extends PropertyEditorSupport {

    /**
     * Escapes {@code text} with {@code HtmlUtils.htmlEscape} and stores the result.
     * Blank input (as decided by {@code StringUtils.isBlank}) returns without
     * touching the value currently held by the editor.
     *
     * @param text raw text supplied for binding
     * @throws IllegalArgumentException wrapping any exception raised while escaping
     *         or storing the value
     */
    @Override
    public void setAsText(String text) throws IllegalArgumentException {
        final boolean hasContent = !StringUtils.isBlank(text);
        if (hasContent) {
            try {
                // Spring's built-in HTML escaping (HtmlUtils also provides the reverse operation).
                final String escaped = HtmlUtils.htmlEscape(text);
                super.setValue(escaped);
            } catch (Exception cause) {
                throw new IllegalArgumentException(cause);
            }
        }
    }
}
使用WebBindingInitializer方法
/**
 * {@code WebBindingInitializer} that installs the HTML-escaping {@code StringEditor}
 * for {@code String} values on each binder it is asked to initialise.
 *
 * <p>NOTE(review): the initializer only takes effect once it is configured on the
 * handler adapter; that configuration is not shown here. The two-argument
 * {@code initBinder} signature presumably matches older Spring releases; confirm
 * against the Spring version in use.
 *
 * <p>Security note: this is input-side HTML escaping. It does not replace
 * context-aware output encoding and does not address DOM-based XSS that originates
 * in client-side script.
 */
public class WebBinderInitializerUtils implements WebBindingInitializer {

    /**
     * Registers a new {@code StringEditor} for {@code String.class} on the binder.
     *
     * @param binder the data binder to configure
     * @param request the current request; not used by this implementation
     */
    @Override
    public void initBinder(WebDataBinder binder, WebRequest request) {
        final StringEditor escapingEditor = new StringEditor();
        binder.registerCustomEditor(String.class, escapingEditor);
    }
}
/**
 * Editor used by the binder to HTML-escape text values as they are bound.
 *
 * <p>Security note: escaping happens once, on the way in. Downstream code therefore
 * works with escaped text, which can be double-encoded when rendered by an escaping
 * template, and which is not safe by itself inside script, URL or CSS contexts.
 */
public class StringEditor extends PropertyEditorSupport {

    /**
     * Stores the HTML-escaped form of {@code text} as the editor value. When
     * {@code StringUtils.isBlank(text)} is true the method returns early and the
     * previously held value is left as it was.
     *
     * @param text raw text supplied for binding
     * @throws IllegalArgumentException wrapping any exception raised while escaping
     *         or storing the value
     */
    @Override
    public void setAsText(String text) throws IllegalArgumentException {
        if (!StringUtils.isBlank(text)) {
            try {
                // Spring's built-in HTML escaping (HtmlUtils also provides the reverse operation).
                final String safeText = HtmlUtils.htmlEscape(text);
                super.setValue(safeText);
            } catch (Exception failure) {
                throw new IllegalArgumentException(failure);
            }
        }
    }
}
使用HttpOnly方法(HttpOnly只是禁止脚本读取该Cookie,用于降低XSS被利用后的影响,并不能修复XSS漏洞本身)
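// Sends the cookie with the HttpOnly attribute so that page scripts cannot read it.
// cookiename, value, domainvalue and seconds are template placeholders, not real values.
// NOTE(review): HttpOnly limits cookie theft after an XSS; it does not remove the XSS itself.
// NOTE(review): if `response` is an HttpServletResponse, setHeader overwrites a Set-Cookie
// header set earlier on the same response, while addHeader keeps both. Consider adding the
// Secure and SameSite attributes as well.
// The header value must be a single string literal; a literal split across lines does not compile.
response.setHeader("Set-Cookie",
        "cookiename=value; Path=/;Domain=domainvalue;Max-Age=seconds;HTTPOnly");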