发表新帖
发表新帖

Prevent malicious user from executing JavaScript

后端 未结
关注
2 1969
深忆病人
深忆病人 2021-01-23 04:14

In my JSP I have a function like fnGetTicketDetails: 

function fnGetTicketDetails(record){
    $(\"#TicketNumber\").val(record);
    $(\"#TicketDeta
2条回答
  • 死守一世寂寞
    死守一世寂寞 (楼主)
    2021-01-23 04:59

    You can't prevent the user from doing this.

    You must treat all input from the user including all requests sent by your JavaScript as untrusted.

    That means that the server must verify that the request from the user is legitimate (i.e. it must check if the current user has permission to read the specified detail).

    Relying on hidden fields and JavaScript to keep your data secure is a very easy way of getting your data stolen.

    0 讨论(0)
 看不清?
提交回复
热议问题