Web Front-endHTML TutorialWatch Your Door - Client-side Data Transmission (10) - Unsafe HTML Disabled Elements_html/css_WEB-ITnose
First of all, it needs to be stated that this article is purely the ignorant opinion of a small developer without any vision or real knowledge, and is only for reference in web system security.
1. Brief explanation
Continuing to tell the story, one day the product manager planned a plan to conduct a promotion. A user can only use the egg coupon once at most.
Developers need to make modifications and adjustments to the system.
Let us imagine the scenario of Internet e-commerce in traditional industries:
Product manager: hurry up to change, hurry up, hurry up and start activities
Operation and maintenance manager: version upgrade, submit online evaluation report, risk test Reports, system test reports, documents signed by the responsible leaders...;
Developer A: Damn, I work from 9 o'clock in the morning to 9 o'clock in the evening, and I have to write so many reports, let me think about how good it is Method...
Developer B: Set restrictions on the html form and disable it after purchasing it once;
Developer A: This is a good method, as long as the html is modified, it does not count as a version upgrade;
Development Manager: Brother Everyone, hurry up and develop;
… (use html to disable elements)
Tester: The test is done. One person can only use the egg coupon once. After using it, it will be gray. I can’t use it anymore. It has reached Target.
Development Manager: Submit for online
…
2. Use HTML to disable elements
After using the page once, the button to confirm purchase is grayed out.
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title>看好你的门-阿饭同学 </title></head><body> <form action="aShopPrice.action" method="post" name="form1" " > 商品:鸡蛋 优惠券,只能使用一次<br> 您已经使用一次<br> <input type="submit" value="确认购买" disabled="true"/> </form></body></html>
No matter how I click, this button is gray.
3. Being attacked
Oh, I accidentally got attacked again...
1. The simplest method, such as using a proxy server to intercept and then modify it, directly let disabled= false or remove this attribute;
2. For example, let’s keep this page and use the element inspection function to find: disabled=true. Modify the element attributes and remove this code. In this way, the verification will be invalid. Use the egg coupons a few more times. Have some fun. .
4. Thinking about element disabling in HTML
1. Element disabling does not seem to be used much now, but as long as the server adopts the same or even stricter confirmation mechanism as the client, this application It is more difficult to be attacked;
2. Because user input may cause various problems, this method can filter out unintentional errors by users and reduce network traffic and server burden. Therefore, this method The method should still be used.
Difficulty in updating caching of official account web pages: How to avoid the old cache affecting the user experience after version update?Mar 04, 2025 pm 12:32 PMThe official account web page update cache, this thing is simple and simple, and it is complicated enough to drink a pot of it. You worked hard to update the official account article, but the user still opened the old version. Who can bear the taste? In this article, let’s take a look at the twists and turns behind this and how to solve this problem gracefully. After reading it, you can easily deal with various caching problems, allowing your users to always experience the freshest content. Let’s talk about the basics first. To put it bluntly, in order to improve access speed, the browser or server stores some static resources (such as pictures, CSS, JS) or page content. Next time you access it, you can directly retrieve it from the cache without having to download it again, and it is naturally fast. But this thing is also a double-edged sword. The new version is online,
How to efficiently add stroke effects to PNG images on web pages?Mar 04, 2025 pm 02:39 PMThis article demonstrates efficient PNG border addition to webpages using CSS. It argues that CSS offers superior performance compared to JavaScript or libraries, detailing how to adjust border width, style, and color for subtle or prominent effect
How do I use HTML5 form validation attributes to validate user input?Mar 17, 2025 pm 12:27 PMThe article discusses using HTML5 form validation attributes like required, pattern, min, max, and length limits to validate user input directly in the browser.
What is the purpose of the <datalist> element?Mar 21, 2025 pm 12:33 PMThe article discusses the HTML <datalist> element, which enhances forms by providing autocomplete suggestions, improving user experience and reducing errors.Character count: 159
What is the purpose of the <progress> element?Mar 21, 2025 pm 12:34 PMThe article discusses the HTML <progress> element, its purpose, styling, and differences from the <meter> element. The main focus is on using <progress> for task completion and <meter> for stati
What are the best practices for cross-browser compatibility in HTML5?Mar 17, 2025 pm 12:20 PMArticle discusses best practices for ensuring HTML5 cross-browser compatibility, focusing on feature detection, progressive enhancement, and testing methods.
What is the purpose of the <meter> element?Mar 21, 2025 pm 12:35 PMThe article discusses the HTML <meter> element, used for displaying scalar or fractional values within a range, and its common applications in web development. It differentiates <meter> from <progress> and ex
What is the purpose of the <iframe> tag? What are the security considerations when using it?Mar 20, 2025 pm 06:05 PMThe article discusses the <iframe> tag's purpose in embedding external content into webpages, its common uses, security risks, and alternatives like object tags and APIs.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Dreamweaver CS6
Visual web development tools
Dreamweaver Mac version
Visual web development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Notepad++7.3.1
Easy-to-use and free code editor
Zend Studio 13.0.1
Powerful PHP integrated development environment
