我的代码在CAST下面的行
给出了错误输入类型="隐藏"名称=" SID" 值= LT;%=的request.getParameter(" SID&#34), 有人可以告诉我如何解决这个DOM漏洞?请告诉代码修改。下面是我的代码。
<!DOCTYPE html>
IAP
<link rel='stylesheet prefetch' href='http://cdnjs.cloudflare.com/ajax/libs/jquery.bootstrapvalidator/0.5.0/css/bootstrapValidator.min.css'>
<link href="../atom-resources/css/sky-form.css" rel="stylesheet">
<link href="../atom-resources/css/custom-form.css" rel="stylesheet">
<link href="../atom-resources/css/awesomplete.css" rel="stylesheet" type="text/css">
<!-- FAVICONS -->
<link rel="shortcut icon" href="../atom-resources/img/favicon-png.png" type="image/x-icon">
<link rel="icon" href="../atom-resources/img/favicon-png.png" type="image/x-icon">
<link href="../atom-resources/css/new-index-style.css" rel="stylesheet">
&lt;%@ taglib prefix =&#34; shiro&#34; URI =&#34; HTTP://shiro.apache.org/tags"%&GT; &lt;%@ include file =&#34; ../ atom-resources / shared / top.jsp&#34; %GT;
<%@ include file="../atom-resources/shared/side-menu.jsp" %>
<div id="page-wrapper" class="gray-bg dashbard-1">
<div class="row" >
<div id="divHTML">
<div class="wrapper wrapper-content">
<!-- <div id="breadcrumb-container">
<span class="breadcrumb-parent">Robotic Assistance</span> > Triage
</div>-->
<div class="child-container">
<div class="sub-header">
Admin
</div>
<div class="row col-md-12 col-sm-12 rowBgcolor">
<div class="subHeader">General settings</div>
<shiro:hasAnyRoles name="Super Admin">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="customers.jsp">
<div class="icon-wrapper">
<i class="fa fa-user-secret custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="customers.jsp">Customer</a>
</div>
</div>
</div>
</shiro:hasAnyRoles>
<shiro:hasPermission name="Admin-Users-ViewUser">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="users.jsp">
<div class="icon-wrapper">
<i class="fa fa-user custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="users.jsp">User</a>
</div>
</div>
</div>
</shiro:hasPermission>
<shiro:hasPermission name="Admin-Groups-ViewGroup">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="groups.jsp">
<div class="icon-wrapper">
<i class="fa fa-users custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="groups.jsp">Groups</a>
</div>
</div>
</div>
</shiro:hasPermission>
<shiro:hasPermission name="Admin-Roles-ViewRole">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('Roles')">
<div class="icon-wrapper">
<i class="fa glyphicon fa-newspaper-o custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('Roles')">Roles</a>
</div>
</div>
</div>
</shiro:hasPermission>
<shiro:hasPermission name="Admin-ManagePermission-ViewPermission">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('Manage Permissions')">
<div class="icon-wrapper">
<i class="fa fa-lock custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('Manage Permissions')">Manage Permissions</a>
</div>
</div>
</div>
</shiro:hasPermission>
<shiro:hasAnyRoles name="Super Admin">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('Market Configuration')">
<div class="icon-wrapper">
<i class="fa fa-database custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('Market Configuration')">MarketPlace Configuration</a>
</div>
</div>
</div>
</shiro:hasAnyRoles>
<shiro:hasAnyRoles name="Super Admin">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('Heart Beat')">
<div class="icon-wrapper">
<i class="fa fa-heartbeat custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('Heart Beat')">Heartbeat</a>
</div>
</div>
</div>
</shiro:hasAnyRoles>
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('ITSM Mapping')">
<div class="icon-wrapper">
<i class="fa fa-delicious custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('ITSM Mapping')">ITSM Mapping</a>
</div>
</div>
</div>
<shiro:hasAnyRoles name="Super Admin,Admin">
<div class="row col-md-12 col-sm-12 rowBgcolor">
<div class="subHeader">Packages</div>
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb" style="padding-left:0px; margin-left:0px;">
<div class="icon-container">
<div class="icon-wrapper">
<i class="fa fa-calendar custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
<div class="thumbText">
Event Management
</div>
</div>
</div>
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<div class="icon-wrapper">
<span class="custom-icon">
<img src="../atom-resources/img/automation1.png" style="width: 34px; height: 32px;">
</span>
</div>
<div class="thumbText">
Automation
</div>
</div>
</div>
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<div class="icon-wrapper">
<i class="fa fa-line-chart custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
<div class="thumbText">
Analytics
</div>
</div>
</div>
</div>
</shiro:hasAnyRoles>
<div class="row col-md-12 col-sm-12 rowBgcolor">
<div class="subHeader">Engine</div>
<shiro:hasPermission name="Admin-EventRouting-EventRouting">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb" style="padding-left:0px; margin-left:0px;">
<div class="icon-container">
<a onclick="loadPage('Rules')">
<div class="icon-wrapper">
<i class="fa fa-calendar-o custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a onclick="loadPage('Rules')"> Event Routing </a>
</div>
</div>
</div>
</shiro:hasPermission>
<shiro:hasPermission name="Admin-TicketRoutingPolicies-TicketRouting">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a onclick="loadPage('Policies')">
<div class="icon-wrapper">
<i class="fa fa-ticket custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a onclick="loadPage('Policies')"> Ticket Routing</a>
</div>
</div>
</div>
</shiro:hasPermission>
<shiro:hasPermission name="Admin-Configuration-ConfigurationView">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('Configuration')">
<div class="icon-wrapper">
<i class="fa fa-wrench custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('Configuration')">Configuration</a>
</div>
</div>
</div>
</shiro:hasPermission>
<shiro:hasPermission name="Admin-PasswordVault-PasswordVaultView">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('PasswordVault')">
<div class="icon-wrapper">
<i class="fa fa-key custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('PasswordVault')">Password Vault</a>
</div>
</div>
</div>
</shiro:hasPermission>
<shiro:hasPermission name="Admin-ApplianceManagement-ApplianceManagementView">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('ApplianceMaintenance')">
<div class="icon-wrapper">
<i class="fa fa-server custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('ApplianceMaintenance')">Appliance Management</a>
</div>
</div>
</div>
</shiro:hasPermission>
<!--<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('UserBusinessService')">
<div class="icon-wrapper">
<i class="fa fa-sitemap custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('UserBusinessService')">User Business Service Mapping</a>
</div>
</div>
</div>-->
<shiro:hasPermission name="Admin-ValidatePatternWorkflow-ValidatePattern">
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('validate')">
<div class="icon-wrapper">
<i class="fa fa-check-square-o custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('validate')">Validation Pattern</a>
</div>
</div>
</div>
</shiro:hasPermission>
<div class="col-md-1 col-sm-2 col-xs-4 circleThumb">
<div class="icon-container">
<a href="#" onclick="loadPage('AuditLog')">
<div class="icon-wrapper">
<i class="fa fa-pencil-square-o custom-icon">
<span class="fix-editor"> </span>
</i>
</div>
</a>
<div class="thumbText">
<a href="#" onclick="loadPage('AuditLog')">Audit Log</a>
</div>
</div>
</div>
</div>
</div>
<input type="hidden" name="sid" value=<%=request.getParameter("sid")%> >
</div>
</div>
</div>
</div>
</div>
</div>
<%@ include file="../atom-resources/shared/bottom.html" %>
<script src="../atom-resources/js/plugins/iCheck/icheck.min.js"></script>
<script src="../atom-resources/js/jsviews.js"></script>
<script src="../atom-resources/js/jquery.formatDateTime.js"></script>
<!-- Configuration Page Js file -->
<script src="../atom-resources/js/Configuration.js"></script>
<script>
$(document).ready(function(){
$('#admin-li').addClass('active');
loadPage = function(pageName){
$('.side-sub-menu').removeClass('Active');
if(pageName == "Customer")
{
$("#customer-li").addClass("Active");
$("#divHTML").load("_customers.html");
}
else if(pageName == "Roles") {
$("#ulReports").addClass("in");
$("#divHTML").load("roles.jsp");
$("#roles-li").addClass("Active");
}
else if(pageName == "Manage Permissions") {
$("#ulReports").addClass("in");
$("#ManagePermissions-li").addClass("Active");
$("#divHTML").load("manage-permissions.jsp");
}
else if(pageName == "Rules")
{
$('#Engine-Rules-li').addClass('Active');
$("#divHTML").load("policyManagement.jsp");
}
else if(pageName == "ApplianceMaintenance")
{
$('#Engine-ApplianceMaintenance-li').addClass('Active');
$("#divHTML").load("Appliance-Maintenance.jsp");
}
else if(pageName == "Policies")
{
$('#Engine-Policies-li').addClass('Active');
/*$("#divHTML").load("_routing-home.html");*/
$("#divHTML").load("TicketRouting.jsp");
}
else if(pageName == "Configuration") {
$("#Engine-Configuration-li").addClass("Active");
$("#ulReports").addClass("in");
$("#divHTML").load("configuration.jsp");
}
else if(pageName == "Market Configuration") {
$("#ulReports").addClass("in");
$("#divHTML").load("Mp-Configuration.jsp");
}
else if(pageName == "Heart Beat") {
$("#ulReports").addClass("in");
$("#HeartBeat-li").addClass("Active");
$("#divHTML").load("heartbeat.jsp");
}
else if(pageName == "ITSM Mapping") {
$("#ulReports").addClass("in");
$("#itsm-mapping-li").addClass("Active");
$("#divHTML").load("itsm-mapping.jsp");
}
else if(pageName == "PasswordVault") {
<shiro:hasPermission name="Admin-PasswordVault-ConsoleEdit">
PasswordVaultConsoleEdit=true;
</shiro:hasPermission>
<shiro:hasPermission name="Admin-PasswordVault-ConsoleDelete">
PasswordVaultConsoleDelete=true;
</shiro:hasPermission>
$("#ulReports").addClass("in");
$('#Engine-PasswordVault-li').addClass('Active');
$("#divHTML").load("Password-Vault.jsp");
}
else if(pageName == "ApplianceMaintenance") {
$("#ulReports").addClass("in");
$("#divHTML").load("Appliance-Maintenance.jsp");
}
else if(pageName == "AuditLog") {
$("#ulReports").addClass("in");
$("#audit").addClass("Active");
$("#divHTML").load("audit-log.jsp");
}
else if(pageName == "LogPolicy") {
$("#ulReports").addClass("in");
$("#log-policy").addClass("Active");
$("#divHTML").load("log-policy.jsp");
}
else if(pageName == "LogSync") {
$("#ulReports").addClass("in");
$("#log-sync").addClass("Active");
$("#divHTML").load("log-sync.jsp");
}
else if(pageName == "validate") {
$('#Engine-Validate-li').addClass('Active');
$("#ulReports").addClass("in");
$("#divHTML").load("validate.jsp");
}
/*else if(pageName == "UserBusinessService") {
$("#ulReports").addClass("in");
$("#divHTML").load("user-business-service.jsp");
}*/
}
});
</script>