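I have read a lot of information about XSS attacks, and now that I understand how they work I am trying to do the validation. However, I ran into some problems:
Looking through a lot of possibilities:
1- Downloaded the jar jstl-1.2
2- On the .jsp page, I added: taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"
On the field where the problem occurs, I put the XML escape, so I would like to know whether the format is correct: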
<div class="ibm-container">
  <div class="ibm-container-body">
    <form action="order_status" class="ibm-column-form ibm-styled-form" method="post">
      <p><label for="customer">Customer number:</label>
        <span><input name="customer" id="customer" maxlength="7" value="${fn:escapeXml(customer)}" type="text" /></span></p>
      <div class="ibm-buttons-row">
        <table border="0px" cellpadding="0px" cellspacing="0px">
          <tr>
            <td width="180px"></td>
            <td>
              <p><input name="submit" value="<%=com.ibm.ssos.Constants.TEXT_GET_ORDERS%>" type="submit" class="ibm-btn-pri ibm-btn-small" />
                <input name="action" value="<%=com.ibm.ssos.Constants.TEXT_GET_ORDERS%>" type="hidden" /></p>