Injecting client-side scripts that contain malicious content (e.g. to steal cookie data) into web pages, via:
- Non-Persistent/Reflected: data provided by a web client (query params, form inputs) is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the request.
- Persistent/Stored: data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.
- Validating untrusted input.
- Encoding/escaping string output.
- Cookie security: there are some flags to secure cookies:
  - secure: the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
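The three measures above in one place, as an added example that is not part of the original post: an allow-list check for input with a known shape, output escaping for reflected free text, and a session cookie built with the secure flag. All function names, the `page` parameter and the sample values are assumptions made for illustration; `HttpOnly` is a standard cookie attribute that the list above does not name.

```javascript
// Added example: names and sample values below are constructed for illustration.

// Encoding/escaping string output: neutralise the characters HTML treats as markup.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Validating untrusted input: allow-list check for a value with a known shape
// (here a hypothetical numeric "page" query parameter, 1 to 4 digits).
function parsePageParam(raw) {
  if (typeof raw !== 'string' || !/^[0-9]{1,4}$/.test(raw)) return null;
  return Number(raw);
}

// Reflected case, unsafe: the query string is concatenated into the page as-is.
function renderResultsUnsafe(query) {
  return '<p>Results for: ' + query + '</p>';
}

// Reflected case, fixed: free text cannot be allow-listed, so it is escaped on output.
function renderResultsSafe(query) {
  return '<p>Results for: ' + escapeHtml(query) + '</p>';
}

// Cookie security: Secure keeps the cookie off plain HTTP. HttpOnly (not named on
// the page) additionally hides it from document.cookie.
function buildSessionCookie(sessionId) {
  if (!/^[A-Za-z0-9_-]+$/.test(sessionId)) throw new Error('invalid session id');
  return 'session=' + sessionId + '; Path=/; Secure; HttpOnly';
}

// Constructed sample input: markup submitted in a search box.
const sample = '<script>alert(1)</script>';
console.log(renderResultsUnsafe(sample)); // script element reaches the browser
console.log(renderResultsSafe(sample));   // rendered as inert text
console.log(parsePageParam('12'), parsePageParam('12<b>'));
console.log(buildSessionCookie('abc123'));
```

The same `escapeHtml` call applies to the persistent/stored case: escape when the saved value is written into the page, not only when it is received.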