Here is my URL request.
Cross-site scripting is occurring on this URL, as shown below. A new parameter is added to the URL as ' -alert - ' = 1 and passed to the next page:
http://test.com?leavingfrom=BOM&goingto=DEL&travel=DOM&_token=gclligMoBzOHW4wwruDShklxbOh3SjsKTWRvWFK0&Default=O&leavingfrom1=Mumbai+%28BOM%29&goingto1=New+Delhi+%28DEL%29&depart=16-02-2017&arrive=&class=E&adults=1&child=0&infants=0&' -alert - ' = 1
How do I stop cross-site scripting when a new parameter like this is added?
Answer 0: (score: 0)
You can use this class as middleware:
<?php

namespace App\Http\Middleware; // assumed: Laravel's default middleware namespace

use Illuminate\Http\Request;

class XSSProtection
{
    /**
     * The following method loops through all request input and strips out all tags from
     * the request. This is to ensure that users are unable to set ANY HTML within the form
     * submissions, but also cleans up input.
     *
     * @param Request  $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle(Request $request, \Closure $next)
    {
        // Only PUT and POST bodies are filtered; any other method passes through untouched.
        if (!in_array(strtolower($request->method()), ['put', 'post'])) {
            return $next($request);
        }

        $input = $request->all();

        // Walk every leaf value (nested arrays included) and strip HTML tags from strings.
        // The is_string guard avoids passing null or numbers to strip_tags.
        array_walk_recursive($input, function (&$value) {
            if (is_string($value)) {
                $value = strip_tags($value);
            }
        });

        // Write the cleaned values back so later handlers see the filtered input.
        $request->merge($input);

        return $next($request);
    }
}
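The middleware above only runs for PUT and POST, while the request in the question is a GET, and its injected parameter contains no tags for strip_tags to remove. The added example below (not part of the original answer, plain PHP with no Laravel dependency) contrasts that input-stripping step with output encoding, the control that actually keeps a reflected value from breaking out of an HTML attribute. The parameter array, the `renderHiddenFields` helper and the escaping flags (the same ones Laravel's `e()` helper uses) are assumptions for the demonstration.

```php
<?php
// Added example, not code from the original answer. Everything here is
// constructed to illustrate the point; no framework is required to run it.

/**
 * Mirror of the middleware's input step: strip HTML tags from every leaf value.
 * Keys are not touched, and values without tags are returned unchanged.
 */
function stripTagsRecursive(array $input): array
{
    array_walk_recursive($input, function (&$value) {
        if (is_string($value)) {
            $value = strip_tags($value);
        }
    });
    return $input;
}

/**
 * Output encoding for an HTML context. ENT_QUOTES escapes both ' and " so a
 * value cannot terminate the attribute it is placed in; ENT_SUBSTITUTE keeps
 * invalid UTF-8 from producing an empty string. Laravel's e() / Blade {{ }}
 * apply the same flags (assumed equivalence for this example).
 */
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Render one hidden field per parameter, the way a "pass it to the next page"
 * form would. Returns the markup so it can be inspected instead of echoed.
 */
function renderHiddenFields(array $params): string
{
    $html = '';
    foreach ($params as $name => $value) {
        $html .= sprintf(
            "<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            escapeForHtml((string) $name),
            escapeForHtml((string) $value)
        );
    }
    return $html;
}

// Constructed parameter set modelled on the question's GET query string,
// including the injected key that carries single quotes but no tags.
$params = [
    'leavingfrom'  => 'BOM',
    'goingto'      => 'DEL',
    'adults'       => '1',
    "' -alert - '" => '1',
];

// 1. Input filtering alone: nothing to strip, so the data is unchanged
//    (and the middleware would not have run at all for a GET request).
$filtered = stripTagsRecursive($params);
var_dump($filtered === $params); // bool(true)

// 2. Output encoding: each quote becomes &#039;, so the injected key is
//    rendered as inert text inside the attribute rather than closing it.
echo renderHiddenFields($filtered);
```

Run it with `php example.php`. The takeaway for the question as asked is that stripping tags on input is at best defence in depth; the reliable fix is to encode every value at the point where it is written into the next page, which in Laravel means using `{{ }}` rather than `{!! !!}` in Blade templates for anything that came from the query string.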