Question
What is the best way to stop Cross-Site Scripting for ColdFusion?
Is there a setting to set in the CF Admin, or is there code you can put in Application.cfc?
Example code:
http://test.com/file.cfm?center=fisCenter')" onmouseover="alert('Insert Hax Here.')" style="display:block;position:absolute;top:0;left:0;width:10000px;height:10000px;z-index:100">
Recommended answer
This seems to be the answer I was looking for so far.
<!--- In Application.cfc --->
<cfscript>
this.scriptprotect = "all";
</cfscript>
<!--- In OnRequestStart in Application.cfc --->
<cfscript>
sanitizeScope(url);
</cfscript>
<!--- CF10 Canonicalize --->
<cfscript>
/* This function decodes any particular scope values */
public void function sanitizeScope( struct scope )
{
    for( var key in scope )
    {
        scope[key] = canonicalize(scope[key], false, false);
    }
}
</cfscript>
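The settings above act on input: by default `this.scriptprotect` rewrites only a fixed set of tags (script, object, embed, applet, meta) in incoming values, and `canonicalize()` only decodes, so an attribute-style value like the one in the question's URL still has to be encoded where it is written out. The following is an added example, not part of the original answer; the page layout, the `cleanParam` helper and the `data-center` attribute are assumptions, while `encodeForHTML`, `encodeForHTMLAttribute` and `encodeForJavaScript` are the CF10 built-in encoders.

```cfml
<!--- Added example (not from the answer). Assumed page: file.cfm echoing url.center. --->
<cfparam name="url.center" default="">
<cfscript>
// Hypothetical helper: reduce the value to its simplest decoded form.
// restrictMultiple/restrictMixed = true rejects double- or mixed-encoded
// input; depending on the CF version that surfaces as an exception or as
// an empty string, and both cases end up as "" here.
function cleanParam( required string value ) {
    try {
        return canonicalize( arguments.value, true, true );
    } catch ( any e ) {
        return "";
    }
}
center = cleanParam( url.center );
</cfscript>
<cfoutput>
<!--- Unsafe pattern (shown as text only): raw interpolation inside an attribute
      lets a quote in the value close the attribute:
      <div title="[url.center written raw]"> --->

<!--- HTML attribute context --->
<div id="center" data-center="#encodeForHTMLAttribute( center )#">
    <!--- HTML body context --->
    Selected center: #encodeForHTML( center )#
</div>

<!--- JavaScript string context --->
<script>
    var center = '#encodeForJavaScript( center )#';
</script>
</cfoutput>
```

Each encoder matches one output context, so a value written into two places is encoded twice, once per context, rather than sanitized once on input.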