如果您的程序是数据的浏览器或者编辑器——比如文字处理器或者图像显示器——那么那些数据有可能来自攻击者,所以那是不可信的输入。
If your program is a viewer or editor of data—such as a word processor or an image displayer—that data might be from an attacker, so it's an untrusted input.
一种保护在文档透明性基础上构建的敏感数据免受攻击的方法是通过加密部分 XML 文档来降低透明性。
One way to protect sensitive data from attacks built on document transparency is to curtail the transparency by encrypting parts of XML documents.
使用看起来可信任的中间媒介传输恶意数据的攻击被称为“交叉站点恶意内容”攻击。
Attacks that exploit an apparently trustworthy intermediary to pass on malicious data are called "cross-site malicious content" attacks.
应用推荐