website. I enter <script>alert(22)</script> in the form and click submit. Why is the website redirected to http://test.baidu.com/off_we_go.html, a blank page like this? Have you done something to prevent XSS?
You can try this: https://github.com/leizongmin/js-xss
If SQL is injected, it can be solved by using PreparedStatement;
Using JSTL's c:out, you can also drop some tags in a Filter;
The data requested by ajax can also be escaped with HtmlEncode.
There are libraries that prevent XSS attacks by escaping tags, so that when displayed on a web page, browsers will only display the tags as characters.
The front-end XSS filter will be bypassed; only a back-end Filter can be foolproof. Reference:
How to use a Filter on untrusted input to defend websites from XSS?
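The answers above describe escaping tags so the browser shows them as characters, and doing it on the back end. The following is an added example, not code from this thread or from js-xss: a dependency-free Node.js sketch of server-side output encoding, where `escapeHtml`, `html` and `renderComment` are hypothetical names and the inputs are constructed samples.

```javascript
// Added example: server-side output encoding for HTML text and quoted attributes.
// It does NOT make values safe inside <script>, style, or URL (href/src) contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Replace every character that can open a tag, an entity or close a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: static markup is trusted, every interpolated value is escaped.
// Encoding at the point of output means no call site can forget it.
function html(strings, ...values) {
  return strings.reduce(
    (out, chunk, i) => out + chunk + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Hypothetical view: untrusted author goes into an attribute, body into element text.
function renderComment(author, body) {
  return html`<div class="comment" title="${author}"><p>${body}</p></div>`;
}

// Constructed sample input: the string from the question plus a name with quotes.
const page = renderComment('Bob "B" & co', '<script>alert(22)</script>');
console.log(page);
```

The browser renders the submitted string as visible text instead of running it, and the quotes in the author name cannot close the `title` attribute.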