We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
此处代码对于scheduleTitle直接进行了.val()获取值,而不是将其直接使用html进行转义,存在XSS漏洞 故可以在输入日程title的地方轻易构造xss 推荐防御:使用htmlspecialchars()函数将特殊字符转换为HTML实体
测试单位:山东大学网络空间安全学院
The text was updated successfully, but these errors were encountered:
No branches or pull requests
此处代码对于scheduleTitle直接进行了.val()获取值,而不是将其直接使用html进行转义,存在XSS漏洞
故可以在输入日程title的地方轻易构造xss
推荐防御:使用htmlspecialchars()函数将特殊字符转换为HTML实体
测试单位:山东大学网络空间安全学院
The text was updated successfully, but these errors were encountered: