XSS vulnerability in Classic ASP

Time: 2015-05-27 06:01:56

Tags: asp-classic xss

I am facing an XSS vulnerability issue in the following code:

<TABLE cellpadding=0 cellspacing=1 border=0 style="table-layout:fixed">
        <col width=20%>
        <col width=13%>
        <col width=20%>
        <col width=13%>
        <col width=20%>
        <col width=13%>
        <TR height=25>
            <TD class=border_title_sub colspan=2 align=center>미작성</TD>
            <TD class=border_title_sub colspan=2 align=center>임시저장중</TD>
            <TD class=border_title_sub colspan=2 align=center>작성완료</TD>
        </TR>
        <%
        do until (rs_1.EOF and rs_2.EOF and rs_3.EOF)
        %>
        <TR height=25>
            <%
            if rs_1.EOF then
            %>
                <TD class=border_text>&nbsp;</TD>
                <TD class=border_text align=center>&nbsp;</TD>
            <%
            else
            rs_1_check_name  = rs_1("check_name")
            rs_1_user_name = rs_1("user_name")
            %>
                <TD class=border_text><%=HTMLDecode(Server.HTMLEncode(rs_1_check_name))%></TD>
                <TD class=border_text align=center><%=HTMLDecode(Server.HTMLEncode(rs_1_user_name))%></TD>
            <%
            end if

            if rs_2.EOF then
            %>
                <TD class=border_text>&nbsp;</TD>
                <TD class=border_text align=center>&nbsp;</TD>
            <%
            else
            rs_2_check_name  = rs_2("check_name")
            rs_2_user_name = rs_2("user_name")
            %>
                <TD class=border_text><%=HTMLDecode(Server.HTMLEncode(rs_2_check_name))%></TD>
                <TD class=border_text align=center><%=HTMLDecode(Server.HTMLEncode(rs_2_user_name))%></TD>
            <%
            end if

            if rs_3.EOF then
            %>
                <TD class=border_text>&nbsp;</TD>
                <TD class=border_text align=center>&nbsp;</TD>
            <%
            else
            rs_3_check_name  = rs_3("check_name")
            rs_3_user_name = rs_3("user_name")
            %>
                <TD class=border_text><%=HTMLDecode(Server.HTMLEncode(rs_3_check_name))%></TD>
                <TD class=border_text align=center><%=HTMLDecode(Server.HTMLEncode(rs_3_user_name))%></TD>
            <%
            end if
            %>
        </TR>
        <%
        if not rs_1.EOF then rs_1.movenext
        if not rs_2.EOF then rs_2.movenext
        if not rs_3.EOF then rs_3.movenext
        loop
        rs_1.close
        rs_2.close
        rs_3.close
        set rs_1 = Nothing
        set rs_2 = Nothing
        set rs_3 = Nothing
        %>
    </TABLE>

Here, HTMLDecode is my custom function, defined as follows:

<%
Function HTMLDecode(sText)
    Dim I
    sText = Replace(sText, "&quot;", Chr(34))
    sText = Replace(sText, "&lt;"  , Chr(60))
    sText = Replace(sText, "&gt;"  , Chr(62))
    sText = Replace(sText, "&amp;" , Chr(38))
    sText = Replace(sText, "&nbsp;", Chr(32))
    For I = 1 to 255
        sText = Replace(sText, "&#" & I & ";", Chr(I))
    Next
    HTMLDecode = sText
End Function
%>

Since my data is already encoded in the database, I am using Server.HTMLEncode("") [to escape, for the security SW] and HTMLDecode("") [to display the information correctly].

Please help me solve this.
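Added example (not part of the original question): the page above calls HTMLDecode(Server.HTMLEncode(x)), and since HTMLDecode reverses every entity Server.HTMLEncode emits, that pair is the identity, so a stored "<script>" tag reaches the browser raw. The safe order is the reverse: decode whatever encoding the database holds, then encode exactly once for the HTML context. Server.HTMLEncode is the ASP built-in; HTMLDecode is the asker's function as posted; SafeHtml and the sample values are constructed for this example.

```vbscript
<%
' The asker's HTMLDecode, repeated here so the page runs stand-alone.
Function HTMLDecode(sText)
    Dim I
    sText = Replace(sText, "&quot;", Chr(34))
    sText = Replace(sText, "&lt;"  , Chr(60))
    sText = Replace(sText, "&gt;"  , Chr(62))
    sText = Replace(sText, "&amp;" , Chr(38))
    sText = Replace(sText, "&nbsp;", Chr(32))
    For I = 1 To 255
        sText = Replace(sText, "&#" & I & ";", Chr(I))
    Next
    HTMLDecode = sText
End Function

' Normalise a value that may be stored encoded, partially encoded or raw,
' then encode it once for output. Use this in the table cells instead of
' HTMLDecode(Server.HTMLEncode(...)); it never double-encodes a value that
' was already encoded on insert, and it never emits raw markup.
Function SafeHtml(sStored)
    SafeHtml = Server.HTMLEncode(HTMLDecode(sStored))
End Function

' Constructed sample values, as two rows of the same column might hold them.
Dim sEncoded, sRaw
sEncoded = "&lt;script&gt;alert(1)&lt;/script&gt;"   ' encoded on insert
sRaw     = "<script>alert(1)</script>"                ' inserted without encoding

' Vulnerable order (the asker's): the decode undoes the encode, so the
' markup is written to the page unchanged and the browser executes it.
Response.Write "<p>" & HTMLDecode(Server.HTMLEncode(sRaw)) & "</p>"

' Safe order: both stored forms render as literal text, each encoded once.
Response.Write "<p>" & SafeHtml(sEncoded) & "</p>"
Response.Write "<p>" & SafeHtml(sRaw) & "</p>"
%>
```

If every row is guaranteed to be encoded on insert, writing the stored value directly (no decode, no re-encode) is the other correct option; what must not happen is decoding as the last step before output.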

0 answers:

No answers