This simple trick helps you fend off malicious script injections.
这种简单的技巧有助于避免恶意的脚本注入。
Now, an attacker would need to find somewhere to input a malicious script.
现在,攻击者需要找到某个地方来输入恶意脚本。
In this case, including the malicious script in the path will often execute it.
在这种情况下,包含在该路径中的恶意脚本经常都会执行。
For example, when you read strings out of a database, you should assume that they can contain malicious script.
例如,在从数据库中读取字符串时,您应该假定它们可能包含恶意脚本。
Let us assume an attacker succeeded in filling a page containing malicious script to the Web site for the subscribed members.
让我们假设攻击者成功地将一个包含恶意脚本的页面填入到订阅成员使用的网站上。
The malicious script introduced by the attacker is executed by the browser and the data is passed to the hacker's Web site.
于是浏览器会执行攻击者引入的恶意代码,数据将被传递到黑客的网站。
The Help URL that is part of the snippet file can potentially execute a malicious script file or display an offensive Web site.
程序码片段档案内的说明url可能会执行恶意的指令码档或显示含有恶意的网站。
When an attacker introduces a malicious script to a dynamic form submitted by the user, a cross-site scripting (XSS) attack then occurs.
当攻击者向用户提交的动态表单引入恶意脚本时,就会产生跨站点脚本(XSS)攻击。
If the application has XSS holes, the attacker may send a malicious script that can still be executed by the application and lead to XSS intrusions.
如果应用程序有xss漏洞,攻击者就可能会发送能被应用程序执行的恶意脚本,导致XSS侵入。
Cross-site scripting attacks allow hackers to embed a malicious script on your visitor's browser and then execute the script in order to gather data.
跨站点脚本攻击使黑客能够将恶意脚本嵌入到访问者的浏览器中,然后执行该脚本收集数据。
When the page is displayed, the malicious script runs, collects the users' cookies, and sends a request to the attacker's Web site with the cookies gathered.
显示该页面时,恶意脚本就运行,它收集用户的cookie,并向攻击者的网站发送包含收集到的 cookie 的请求。
Malicious script that is embedded in input submitted to a Web site and later written back out to a client can appear to be originating from a trusted source.
嵌入到输入中的恶意脚本(提交到网站并且随后写回客户端)可以看起来像是来自受信任的源。
In the sample application, the user can post comments to the server. To demonstrate the threat of malicious script, enter the text from Listing 2 in the enter comments area.
在示例应用程序中,用户可以向服务器发表评论。
Similarly, any time that you write a string into a page, you should assume that the string could contain malicious script (unless you programmatically created the string yourself).
同样,每次将字符串写入页时,您都应该假定字符串可能包含恶意脚本(除非您自己以编程方式创建了字符串)。
Several security enhancements are included, from closing script vulnerabilities to phishing protection, but most of them won't affect your work unless you happen to be writing malicious code.
这包括若干安全增强,例如关闭脚本漏洞和欺骗保护。而且,大部分增强不会影响您的工作,除非您正打算编写恶意代码。
There are other ways that malicious users can exploit script.
恶意用户还可以使用其他方法来利用脚本。
A variation on a script exploit is one that causes malicious SQL statements to be executed.
有一种脚本利用的变体可以导致恶意sql语句的执行。
NET Web pages automatically validate that malicious users are not attempting to send script to your application.
NET网页将自动验证恶意用户没有尝试将脚本发送给您的应用程序。
This control can be used to display user input, which might include malicious client script.
警告此控件可用来显示用户输入,而该输入可能包含恶意的客户端脚本。
It is possible for a malicious user to use the postback script to send arbitrary post events to server controls.
恶意用户有可能使用回发脚本向服务器控件发送任意发送事件。
Should be noted that viruses and worms as the abuse of the script, the script delete the files may be mistaken for malicious code!
需要说明的是由于病毒及蠕虫对脚本的滥用,脚本删除文件时可能会被被误认为恶意代码!
A malicious user manages to get code (script) to execute by masking it as user input from a page or as a link.
恶意使用者能够取得要执行的程序码(指令码),方法是将其伪装成页面的使用者输入或连结。
Before displaying user input, the input must be checked for malicious client script, such as executable script or SQL statements.
显示使用者输入之前,必须先检查输入是否有恶意用户端指令码,例如可执行的指令码或SQL陈述式。
They can include potentially malicious client script.
它们可能包含恶意的用户端指令码。
User input in a Web page can include potentially malicious client script.
安全说明网页中的用户输入可能包括潜在有害的客户端脚本。
User input in a Web page can include potentially malicious client script.
安全说明网页中的用户输入可能包括潜在有害的客户端脚本。
应用推荐