
Don’t underestimate the security issues caused by commented out JS_javascript tips

WBOY (Original), 2016-05-16 18:57:14

One is the problem of header insertion.
The other is the \r\n (CRLF) problem.
Let’s look at this piece of code:

    test
    <script>
    //alert('<%=request.getParameter("username")%>');
    </script>

Everyone can see that there seems to be a loophole, but it has been patched by commenting it out.
Now that it’s commented out, shouldn’t there be no problem?
No.
Look at this URL again:
http://localhost/index.jsp?username=kxlzx alert('kxlzx
Isn’t it frustrating?
The following code was generated:

    test
    <script>
    //alert('kxlzx
    alert('kxlzx ');
    </script>

The commented out JS was executed anyway. So don’t throw useless code, commented out JS and the like into the HTML. Code review is a delicate job, and any omission is worth noting.
