来自:LucidWood's BLOG
ps:着两天忙着考试呢!感谢这位朋友提供
![[wink]](/article/UploadPic/2006-6/200662710014542.gif)
针对防注3.0存在跨站脚本漏洞的临时解决办法
请大家在vsqlinadmin_neeao.asp的include语句xiamian加上如下代码
<%
Function HTMLEncode(urlString)
urlString = replace(urlString, ">", ">")
urlString = replace(urlString, "<", "<")
urlString = Replace(urlString, CHR(13), "")
urlString = Replace(urlString, CHR(10) & CHR(10), "</P><P>")
urlString = Replace(urlString, CHR(10), "<BR>")
HTMLEncode = urlString
End Function
%>
然后将 <td><%=rs("SqlIn_SJ")%></td>改为Function HTMLEncode(urlString)
urlString = replace(urlString, ">", ">")
urlString = replace(urlString, "<", "<")
urlString = Replace(urlString, CHR(13), "")
urlString = Replace(urlString, CHR(10) & CHR(10), "</P><P>")
urlString = Replace(urlString, CHR(10), "<BR>")
HTMLEncode = urlString
End Function
%>
<td><%=HTMLEncode(rs("SqlIn_SJ"))%></td>
我这提供的是临时解决办法,官方等Neeao发布吧!
有什么问题到我的主页去提出,我会尽快回答的
http://www.lucidwood.com
[最后修改由 neeao, 于 2005-06-01 19:23:20]
