Coverity code weakness scan fix: jQuery DOM XSS
Some jQuery DOM operations readily introduce DOM-based XSS risk. Coverity reports the finding as:
xss_sink: Calling echo with the tainted value in any argument. The untrusted data reaches a sink that may allow an attacker to control part of the response
A few candidate fixes:
Solution 1.
https://github.com/chrisisbeef/jquery-encoder/tree/master/site
Solution 2.
https://github.com/cure53/DOMPurify
Solution 3.
https://github.com/leizongmin/js-xss
In testing so far, the first approach is enough to clear the finding.
Pull in one of these JavaScript escaping libraries and wrap the affected API calls with its encoding functions.
Reference links:
https://www.edgescan.com/wp-content/uploads/2018/08/04.-XSS-and-Encoding-edgescan.pdf
https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
https://blog.techbridge.cc/2021/05/15/prevent-xss-is-not-that-easy/
https://jsxss.com/zh/starter/quickstart.html