漏洞：dom型xss漏洞修复方式有哪几种

dom型xss漏洞修复方式有哪几种

修复dom型xss漏洞的方式有以下几种

1.使用@InitBinder方法

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
@Controller
public class BaseController {
@InitBinder
public void webInitBinder(WebDataBinder binder){
binder.registerCustomEditor(String.class, new StringEditor());
}
}
public class StringEditor extends PropertyEditorSupport {
@Override
public void setAsText(String text) throws IllegalArgumentException {
if (StringUtils.isBlank(text)) {
return;
}
try {
//Spring自带html标签转义与反转义
super.setValue(HtmlUtils.htmlEscape(text));
} catch (Exception e) {
throw new IllegalArgumentException(e);
}
}
}

2.使用WebBindingInitializer方法

public class WebBinderInitializerUtils implements WebBindingInitializer{
@Override
public void initBinder(WebDataBinder binder, WebRequest request) {
binder.registerCustomEditor(String.class,new StringEditor());
}
}
public class StringEditor extends PropertyEditorSupport {
@Override
public void setAsText(String text) throws IllegalArgumentException {
if (StringUtils.isBlank(text)) {
return;
}
try {
//Spring自带html标签转义与反转义
super.setValue(HtmlUtils.htmlEscape(text));
} catch (Exception e) {
throw new IllegalArgumentException(e);
}
}
}

3.使用HttpOnly方法

response.setHeader("Set-Cookie", "cookiename=value;
Path=/;Domain=domainvalue;Max-Age=seconds;HTTPOnly");

本文来源：https://www.yuntue.com/post/60301.html | 云服务器网，转载请注明出处！