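The code here reads the value of scheduleTitle directly with .val() instead of HTML-escaping it, so there is an XSS vulnerability.
As a result, an XSS can easily be constructed in the field where the schedule title is entered.
Recommended defense: use the htmlspecialchars() function to convert special characters into HTML entities.
Tested by: School of Cyberspace Security, Shandong University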
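
An added example, not part of the original report and not the project's code: it shows the unescaped-title pattern the issue describes beside an escaped version that applies the same replacements as htmlspecialchars(). The function names, the `schedule-title` markup and the sample title are assumptions made for illustration.

```javascript
// Hypothetical names throughout; the project's real rendering code is not shown on this page.

// The five replacements PHP's htmlspecialchars() makes with ENT_QUOTES.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#039;",
};

// Escape a value for insertion into HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the raw field value (e.g. from .val()) is concatenated into markup.
function renderScheduleUnsafe(scheduleTitle) {
  return '<div class="schedule-title">' + scheduleTitle + "</div>";
}

// Hardened pattern: escape at the point where the title is written into HTML.
function renderScheduleSafe(scheduleTitle) {
  return '<div class="schedule-title">' + escapeHtml(scheduleTitle) + "</div>";
}

// Count opening tags in a fragment; more than one means the title added markup.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed sample input for the demonstration.
const SAMPLE_TITLE = "Team sync <img src=x onerror=alert(1)>";

console.log(renderScheduleUnsafe(SAMPLE_TITLE), countOpeningTags(renderScheduleUnsafe(SAMPLE_TITLE)));
console.log(renderScheduleSafe(SAMPLE_TITLE), countOpeningTags(renderScheduleSafe(SAMPLE_TITLE)));
```

When the title is written with jQuery, passing it to `.text()` instead of building an HTML string avoids the problem without a separate escaping step.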