How do I make JavaScript cookies secure? I have tried using regular expressions to protect the URL and the cookie values, but none of it is working

Date: 2018-07-12 07:27:51

Tags: javascript

This is my cookie code.

var campaignId ="someCookieValue";
var d = new Date();
d.setTime(d.getTime() + (365*24*60*60*1000));   // SET COOKIE EXPIRY TO 365 days.
var expires = "expires="+ d.toUTCString();
document.cookie = 'campaignId='+ campaignId + "; Domain="+ document.domain + "; path=/; " + expires;
// The full current URL is written unencoded: any ';' or attribute text in it becomes part of the cookie header.
document.cookie = 'sourceUrl='+ window.location.href + ";" + expires;

Attempted validation

var campaignId ="someCookieValue";  
var d = new Date();
d.setTime(d.getTime() + (365*24*60*60*1000));   // SET COOKIE EXPIRY TO 365 days.
var expires = "expires="+ d.toUTCString();
// Allow-list for the campaign id: letters, digits, '-', '_', '.' and ':' only.
var value = /^[a-zA-Z0-9\-_\.:]*$/;
if(value.test(campaignId))
    document.cookie = 'campaignId='+ campaignId + "; Domain="+ document.domain + "; path=/; " + expires;
// Loose URL pattern for the source URL. No 'g' flag: RegExp.test() with 'g' keeps state in lastIndex
// and alternates between true and false on repeated calls.
var expression = /[-a-zA-Z0-9@:%_\+.~#?&//=]{2,256}\.[a-z]{2,4}\b(\/[-a-zA-Z0-9@:%_\+.~#?&//=]*)?/i;
var pattern = new RegExp(expression);
var cookieValue = window.location.href;
if(cookieValue){
    // Test the URL against the URL pattern (the original checked it against the campaign-id
    // regex, which no URL containing '/' or '?' can ever match).
    if(pattern.test(cookieValue)) {
        cookieValue = encodeURIComponent(cookieValue);
        document.cookie = 'sourceUrl='+ cookieValue + ";" + expires;
    }
}

I am running into a problem with the Fortify scan on document.cookie, along the lines of: the method lambda() in main.js includes unvalidated data in an HTTP cookie on line 486. This enables Cookie Manipulation attacks and may lead to other HTTP response header manipulation attacks, such as: cache poisoning, cross-site scripting, cross-user defacement, page hijacking, open redirect.
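The following is an added example, not code from the question or from the answer below. It builds the two cookies the question sets (campaignId and sourceUrl) from validated, percent-encoded parts, so that no character from the untrusted input can terminate the value, add a cookie attribute, or reach the header unencoded, which is the class of problem the scanner message describes. The cookie names, the allow-list widths, the one-year Max-Age, the decision to keep only scheme, host and path of the landing URL, and the sample inputs are all assumptions made for illustration; the helpers (buildCookie, campaignCookie, sourceUrlCookie, parseCookies) are hypothetical names, not a library API.

```javascript
// Added example, not code from the original question or its answer.
// Cookie names, allow-list widths, Max-Age and sample inputs are assumptions.

// Allow-list for the campaign id: same character class as the question,
// anchored, non-empty and length-bounded.
const CAMPAIGN_ID_RE = /^[A-Za-z0-9_.:-]{1,64}$/;

// RFC 6265 cookie-name token characters (no separators, no control chars).
const COOKIE_NAME_RE = /^[A-Za-z0-9!#$%&'*+.^_`|~-]+$/;

// Domain attribute: hostname characters only.
const DOMAIN_RE = /^[A-Za-z0-9.-]+$/;

// Assemble "name=value; attr; attr" from checked parts.
function buildCookie(name, value, opts = {}) {
  if (!COOKIE_NAME_RE.test(name)) throw new Error('invalid cookie name');
  if (typeof value !== 'string') throw new Error('cookie value must be a string');
  // encodeURIComponent leaves only unreserved characters and "!*'()", so
  // ';', ',', '=', whitespace, CR/LF and non-ASCII never reach the header.
  const parts = [name + '=' + encodeURIComponent(value)];
  if (opts.maxAgeSeconds !== undefined) {
    if (!Number.isInteger(opts.maxAgeSeconds) || opts.maxAgeSeconds < 0) {
      throw new Error('invalid Max-Age');
    }
    parts.push('Max-Age=' + opts.maxAgeSeconds);
  }
  if (opts.domain !== undefined) {
    if (!DOMAIN_RE.test(opts.domain)) throw new Error('invalid Domain');
    parts.push('Domain=' + opts.domain);
  }
  parts.push('Path=' + (opts.path || '/'));
  // Secure is on unless explicitly disabled; browsers refuse Secure cookies
  // set from http: pages, so the page itself must be served over https.
  if (opts.secure !== false) parts.push('Secure');
  parts.push('SameSite=' + (opts.sameSite || 'Lax'));
  return parts.join('; ');
}

const ONE_YEAR = 365 * 24 * 60 * 60;

// Returns the cookie string, or null when the id fails the allow-list
// (reject rather than sanitize: a campaign id is an identifier, not free text).
function campaignCookie(campaignId, domain) {
  if (typeof campaignId !== 'string' || !CAMPAIGN_ID_RE.test(campaignId)) return null;
  return buildCookie('campaignId', campaignId, { maxAgeSeconds: ONE_YEAR, domain });
}

// Stores only scheme + host + path of the landing URL; query and fragment are
// dropped because they often carry tokens that should not persist for a year.
function sourceUrlCookie(href) {
  let url;
  try { url = new URL(href); } catch (e) { return null; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return buildCookie('sourceUrl', url.origin + url.pathname, { maxAgeSeconds: ONE_YEAR });
}

// Read side: split document.cookie and decode each value, skipping malformed pairs.
function parseCookies(cookieHeader) {
  const out = {};
  for (const pair of cookieHeader.split(';')) {
    const idx = pair.indexOf('=');
    if (idx < 0) continue;
    const key = pair.slice(0, idx).trim();
    const raw = pair.slice(idx + 1).trim();
    try { out[key] = decodeURIComponent(raw); } catch (e) { /* bad percent-escape: ignore */ }
  }
  return out;
}

// In a browser, set the cookies; guarded so the file also runs under Node.
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  const c = campaignCookie('someCookieValue', document.domain);
  if (c !== null) document.cookie = c;
  const s = sourceUrlCookie(window.location.href);
  if (s !== null) document.cookie = s;
}
```

The value is encoded with encodeURIComponent and decoded with decodeURIComponent on the way back, so round-tripping is lossless; the regex allow-list is applied to the identifier before encoding, and a failing value is rejected rather than "cleaned". Whether a static analyzer stops flagging the sink depends on which functions it recognizes as validators, but the header can no longer be shaped by the input either way.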

1 answer:

Answer 0 (score: 0)

Found a solution. I encrypted the cookie value with the external CryptoJS library, and that resolved the scan finding.
