我想要防止xss攻击。但是当我想要保存表单数据时,我将表单数据转换为xml.now我想问它不会出问题吗?如何防止xss但将数据转换为xml?
oXmlDoc = parser.parseFromString($get(MasterObj + "txtScriptGroupXML").value, 'text/xml');
var oXmlNodes = $(oXmlDoc).find("Root").find("Tb");
var XmlNodesLen = oXmlNodes.length;
if (oXmlNodes.length > 0) {
xmlStr = "<ReportsEntity>";
for (var i = 0; i < XmlNodesLen; i++) {
xmlStr = xmlStr + "<ModifyCreditInput>";
xmlStr = xmlStr + "<Type>" + $get(MasterObj + "CmbGroupCode").value + "</Type>";
xmlStr = xmlStr + "<StartDate>" + SDate + "</StartDate>";
xmlStr = xmlStr + "<EndDate>" + EDate + "</EndDate>";
}
$get(MasterObj + "txtXml").value = xmlStr;
return SaveMode;
您可以在web.config应用程序中保护您的应用程序。将代码放在web.config中的代码下面。
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" /><!--To remove X-Powered-By from header to hide dev platform info-->
<add name="X-XSS-Protection" value="1; mode=block" />
</customHeaders>
</httpProtocol>