You’ll read more about XSS later.
你之后会看到关于xss的更多内容。
Stolen cookies: XSS attack results
cookie 受窃:XSS攻击的后果
An XSS attack leads to undesirable effects.
XSS攻击会导致不良后果。
Listing 2. An example URL for reflected XSS.
清单2.reflected XSS攻击的一个示例url。
In many cases CSRF and XSS will help to do so.
在许多情况下,CSRF和XSS都有助于这样做。
Other ways to perform traditional XSS attacks.
执行传统的XSS攻击的其他方式。
Ways to check whether your site is protected from XSS.
检查您的站点是否处于XSS攻击保护的方法。
Guard against Cross-Site Scripting (XSS) vulnerabilities.
保护跨站点脚本(Cross - site scripting,XSS)漏洞。
To protect against XSS attacks, you need to scrub all inputs.
要防止遭受 XSS攻击,需要清理所有输入。
XSS results from malicious scripts being injected into a Web site.
XSS由注入Web站点的恶意脚本而导致。
This security restriction is to avoid cross-site scripting attacks (XSS).
这个安全限制是为了避免跨站点脚本攻击(XSS)。
You've probably heard this called cross-site scripting (XSS) vulnerabilities.
您可能听说过称为cross - sitescripting (XSS)的漏洞。
Listing 10 demonstrates how the form could print the results, allowing an XSS attack.
清单10演示了允许XSS攻击的表单如何输出结果。
At the core of a traditional XSS attack lies a vulnerable script in the vulnerable site.
传统的XSS攻击的核心处位于脆弱的站点中的脆弱的脚本。
A user can help reduce his susceptibility to an XSS-style attack in five significant ways
用户可以通过5 个有效手段来减少XSS 类型的攻击
The following is a checklist of ways for webmasters and developers to prevent XSS attacks.
下面是站点管理员和开发人员可用来阻止XSS攻击的检查列表。
Finally, make sure your PHP code is resilient to XSS attacks, form spoofs, and CSRF attacks.
最后,确保PHP代码可以抵抗XSS攻击、表单欺骗和CSRF攻击。
In either case, input value validation and sanitization are the key to preventing XSS attacks.
不管怎样,输入值验证和数据消毒(sanitation)是防止XSS攻击的关键因素。
This piece of code is vulnerable to XSS attacks because no check is made to validate the input.
这段代码很容易受xss攻击,因为没有进行任何的输入验证。
An XSS vulnerability occurs when a user has the ability to inject HTML code into your Web pages.
当用户能够把HTML代码注入到您的web页面中时,就是出现了xss漏洞。
Unlike those, the XSS attack involves three parties: the attacker, the client, and the Web site.
与那些攻击不同的是,XSS攻击同时涉及三个群体:黑客、客户端和Web站点。
Much like the recent Mikeey worm on Twitter, this XSS issue is a result of poor output filtering.
和最近Twitter上的Mikeey病毒一样,该漏洞也是输出过滤(out put filtering)处理不当的结果。
XSS has been used to steal passwords, steal credit card Numbers, forge news stories, and much more.
XSS曾被用于窃取密码、窃取信用卡卡号、伪造新闻等等。
The following examples are intended to help you recognize the areas that are vulnerable to XSS attack.
下面的例子可以帮助您识别易受XSS攻击的领域。
On-demand scripts can include malicious code aimed at exploiting security vulnerabilities such as XSS.
按需脚本可能包含打算攻击XXS等安全漏洞的恶意代码。
At the heart of the XSS vulnerability is an application that filters user data improperly once submitted.
XSS攻击的核心是一个应用程序,该应用程序可以在用户数据提交之后进行过滤。
This can result in all kinds of attacks (similar to XSS), including the theft of sensitive user information.
这样会导致各种类型的攻击(类似于XSS),包括盗取用户的敏感信息。
XSS attacks work by supplying input that a program does not expect and exploiting how it handles rogue input.
XSS通过提供程序不期望的输入,然后利用程序对无赖输入的处理方式发动进攻。
That is why most examples for XSS attacks use the Alert function, which makes it very easy to detect its success.
这就是为什么大部分XSS攻击的实例使用Alert方法,因为这很容易检测其成功。
A mashup application or page must address CSRF, Ajax vulnerabilities, XSS, and other potential security weaknesses.
mashup应用程序或页面必须解决CSRF、Ajax漏洞、XSS和其他潜在的安全漏洞。
应用推荐