The code below is vulnerable to cross-site attacks. I have confirmed this. I want to fix it. How should I do that? The code is written in classic ASP.
Dim strGo : strGo = Request.QueryString.Item("go")
Response.Write "document.location.href = 'browserCompatibilities.asp?go=" & strGo
You must encode the query string parameter:
Response.Write "document.location.href = 'browserCompatibilities.asp?go=" & Server.HTMLEncode(strGo)
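
An added example, not part of the question or the answer above: the value lands in two nested contexts, a URL query parameter and a quoted JavaScript string, so this sketch encodes for each in turn. `Server.HTMLEncode` leaves the single quote unchanged, which is why the JavaScript string context needs its own escaping. `JsStringEncode` is a hypothetical helper, and the output is assumed to be written inside a `<script>` block.

```vbscript
<%
' Added example. JsStringEncode is a hypothetical helper, not a built-in.
' It escapes every character that is not an ASCII letter or digit as \uXXXX,
' so the result cannot close a quoted JavaScript string or a <script> block.
Function JsStringEncode(ByVal s)
    Dim i, ch, code, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        code = AscW(ch)
        ' AscW returns a signed 16-bit value; normalise to 0..65535.
        If code < 0 Then code = code + 65536
        If (code >= 48 And code <= 57) Or _
           (code >= 65 And code <= 90) Or _
           (code >= 97 And code <= 122) Then
            out = out & ch
        Else
            out = out & "\u" & Right("0000" & Hex(code), 4)
        End If
    Next
    JsStringEncode = out
End Function

Dim strGo : strGo = Request.QueryString.Item("go")

' Step 1: the value is a query-string parameter of the target URL,
'         so URL-encode it before appending it.
Dim target
target = "browserCompatibilities.asp?go=" & Server.URLEncode(strGo)

' Step 2: the whole URL is emitted inside a quoted JavaScript string,
'         so escape it for that context and close the quote explicitly.
Response.Write "document.location.href = '" & JsStringEncode(target) & "';"
%>
```

Each encoder matches exactly one output context; applying them from the innermost context (URL parameter) to the outermost (JavaScript string) keeps the value inert in both.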