xss

Design and Implementation of XSS Vulnerability Detection Tool Based on Crawler

基于爬虫的XSS漏洞检测工具设计与实现

Ways to check whether your site is protected from XSS

检查您的站点是否处于XSS攻击保护的方法

According to the problem proposed above , this paper makes a research on the server-client cooperation XSS defense method .

为此，提出基于服务器端-客户端协作的跨站脚本攻击防御方法。

It 's now almost impossible to have an accidental XSS attack .

现在偶然出现一个XSS攻击已经不太可能了。

Preventing XSS attacks requires diligence from the part of the programmers and the necessary security testing .

防止XSS攻击，需要勤奋的程序员和必要的安全测试。

At the core of a traditional XSS attack lies a vulnerable script in the vulnerable site .

传统的XSS攻击的核心处位于脆弱的站点中的脆弱的脚本。

To protect against XSS attacks , you need to scrub all inputs .

要防止遭受XSS攻击，需要清理所有输入。

How to secure a site against XSS attacks

如何保护站点不受XSS攻击

On-demand scripts can include malicious code aimed at exploiting security vulnerabilities such as XSS .

按需脚本可能包含打算攻击XXS等安全漏洞的恶意代码。

It also describes cross-site scripting ( XSS ), which has become a popular security buzzword .

它也能描述一个跨站点的脚本语言（XSS），成为一个流行的词语。

Note : This regular expression should not be used in production environments as it is not secure against XSS attacks .

注意：这个正则表达式不应该使用在生产环境中，因为它对于XSS攻击不安全。

The first is by far the most popular : cross-site scripting ( XSS ) .

第一个漏洞是最流行的：跨站脚本编程（cross-sitescripting，XSS）。

Checking that a site is secure from XSS attacks is the logical conclusion of securing the site .

检查站点免于遭受XSS攻击是加强站点安全保护的必然结论。

You 've probably heard this called cross-site scripting ( XSS ) vulnerabilities .

您可能听说过称为cross-sitescripting（XSS）的漏洞。

An XSS vulnerability occurs when a user has the ability to inject HTML code into your Web pages .

当用户能够把HTML代码注入到您的Web页面中时，就是出现了XSS漏洞。

If you know nothing about XSS or CSRF , take the time to learn more about these security vulnerabilities .

如果你知道什么的XSS或CSRF的，花时间去学习更多的有关这些安全漏洞。

That is why most examples for XSS attacks use the Alert function , which makes it very easy to detect its success .

这就是为什么大部分XSS攻击的实例使用Alert方法，因为这很容易检测其成功。

Unlike those , the XSS attack involves three parties : the attacker , the client , and the Web site .

与那些攻击不同的是，XSS攻击同时涉及三个群体：黑客、客户端和Web站点。

Many site owners dismiss XSS on the grounds that it cannot be used to steal sensitive data from a back-end database .

许多网站所有者驳回，理由是，它不能被用来窃取敏感数据从后端数据库的XSS攻击。

XSS attacks work by supplying input that a program does not expect and exploiting how it handles rogue input .

XSS通过提供程序不期望的输入，然后利用程序对无赖输入的处理方式发动进攻。

A mashup application or page must address CSRF , Ajax vulnerabilities , XSS , and other potential security weaknesses .

mashup应用程序或页面必须解决CSRF、Ajax漏洞、XSS和其他潜在的安全漏洞。

In a typical XSS attack the hacker infects a legitimate web page with his malicious client-side script .

在一个典型的XSS攻击的黑客与他的恶意客户端脚本感染合法的网页。

Finally , make sure your PHP code is resilient to XSS attacks , form spoofs , and CSRF attacks .

最后，确保PHP代码可以抵抗XSS攻击、表单欺骗和CSRF攻击。

These weaknesses of coding in Web 2.0 sites are known in the security industry as cross-site scripting , or XSS vulnerabilities .

网络安全业内将web2.0网站内的这些编码缺陷，称为跨站脚本（xss）或跨站脚本漏洞。

Increased protection from attacks such as Cross-site Scripting ( XSS ), SQL Injection and Remote File Inclusions ( RFI ) .

更多的安全防护措施，如跨站脚本（XSS）、SQL注入及远程文件包含（RFI）。

There are many slight variations to this theme , however all XSS attacks follow this pattern , which is depicted in the diagram below .

这个主题有许多细微变化，但是所有的XSS攻击遵循这种模式，这是图中的描述如下。

Causing the JavaScript pop-up window to emerge usually suffices to demonstrate that a site is vulnerable to an XSS attack .

引发JavaScript弹出窗口的出现通常足够说明该站点容易受到XSS攻击。

If your Web application does not guard against XSS attacks , the only limit to the harm done is the imagination of the attacker .

如果您的Web应用程序不针对XSS攻击进行保护，则会造成严重的破坏。

XSS is a similar kind of problem ; this time , the untrusted data is targeted at the people browsing your site , rather than your application itself .

XSS也是一个类似的问题。不过这一次不受信任的数据瞄准的是浏览站点的人们，而不是应用程序本身。

Guard against Cross-Site Scripting ( XSS ) vulnerabilities

保护跨站点脚本（Cross-sitescripting，XSS）漏洞