This article covers how to eliminate cross-site scripting vulnerabilities in ColdFusion; it may serve as a useful reference for anyone facing the same problem.

Problem description

What is the best way to stop Cross-Site Scripting for ColdFusion?

Is there a setting to set in the CF Admin, or is there code you can put in Application.cfc?

Example code:

http://test.com/file.cfm?center=fisCenter')" onmouseover="alert('Insert Hax Here.')" style="display:block;position:absolute;top:0;left:0;width:10000px;height:10000px;z-index:100">


Recommended answer

This seems to be the answer I was looking for so far.

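<!--- In Application.cfc --->
<cfscript>
  // Enable ColdFusion's built-in script protection for all input scopes
  this.scriptprotect = "all";
</cfscript>


<!--- In OnRequestStart in Application.cfc --->
<cfscript>
  sanitizeScope(url);
</cfscript>

<!--- CF10 Canonicalize --->
<cfscript>
/* Canonicalizes (decodes) every simple value in the given scope, in place */
public void function sanitizeScope( required struct scope )
  {
    for( var key in scope )
    {
      // canonicalize() only accepts simple values; skip nested structs/arrays
      if( isSimpleValue(scope[key]) )
      {
        scope[key] = canonicalize(scope[key], false, false);
      }
    }
  }
</cfscript>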
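
Added example, not part of the original answer: `scriptProtect` only rewrites a fixed set of tags and `canonicalize` only decodes, so neither neutralizes an injected attribute such as the `onmouseover` in the question's URL; the value still has to be validated and then encoded for the context it is written into. The parameter name `center` is taken from the question; the markup, the `showCenter` function and the allow-list pattern are assumptions.

```cfml
<!--- Added example: validate url.center, then encode it per output context. --->
<cfscript>
  // Assumption: "center" is expected to be a short alphanumeric identifier.
  param name="url.center" default="";

  // 1. Decode to canonical form, then validate against an allow-list.
  //    Anything that does not match is discarded rather than "cleaned".
  center = canonicalize(url.center, false, false);
  if ( !reFind("^[A-Za-z0-9_]{1,32}$", center) ) {
    center = "";
  }
</cfscript>

<cfoutput>
  <!--- Unsafe pattern (kept as a comment): raw value inside a JavaScript
        string inside an HTML attribute, which a quote character can break out of.
        <a href="##" onclick="showCenter('#url.center#')">Show</a> --->

  <!--- 2. Encode for the exact context the value lands in. --->

  <!--- HTML body context --->
  <p>Center: #encodeForHTML(center)#</p>

  <!--- HTML attribute context --->
  <input type="hidden" name="center" value="#encodeForHTMLAttribute(center)#">

  <!--- JavaScript string inside an event-handler attribute:
        encode for JavaScript first, then for the enclosing attribute --->
  <a href="##" onclick="showCenter('#encodeForHTMLAttribute(encodeForJavaScript(center))#')">Show</a>

  <!--- URL query-string context --->
  <a href="file.cfm?center=#encodeForURL(center)#">Reload</a>
</cfoutput>
```

The `encodeFor*` functions are available from ColdFusion 10 onward, the same release that introduced `canonicalize`.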
