            Often Misused: Encoding

            ABSTRACT

            EXPLANATION

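            It is easy to believe that this encoding method protects the system against injection attacks, but unless it is used precisely and in the correct context, the protection it provides is far weaker than advertised.

            Example 1: The following encoding call leaves an attacker a smaller opportunity to insert malicious JavaScript: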


            out.println("x = " + encoder.encodeForJavaScript(input) + ";");
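
            The context dependence described above, shown as an added example that is not part of the original rule description and is not ESAPI code. `encodeForJs` is a hypothetical stand-in that assumes the encoder passes alphanumerics through and hex-escapes every other character; the class name, helper names and sample inputs are constructed for illustration.

```java
import java.util.regex.Pattern;

public class EncodingContextDemo {
    // Hypothetical stand-in for a JavaScript string encoder (assumption:
    // alphanumerics pass through, everything else becomes \xHH or \uHHHH).
    static String encodeForJs(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            boolean alnum = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z')
                    || (c >= 'A' && c <= 'Z');
            if (alnum) {
                sb.append(c);
            } else if (c < 256) {
                sb.append(String.format("\\x%02X", (int) c));
            } else {
                sb.append(String.format("\\u%04X", (int) c));
            }
        }
        return sb.toString();
    }

    // Pattern from Example 1: the encoded value is emitted with no quotes,
    // so the JavaScript parser reads it as code (number, identifier, ...).
    static String unquoted(String input) {
        return "x = " + encodeForJs(input) + ";";
    }

    // Corrected form: the value sits inside a string literal, which is the
    // context a string encoder is written for, so it can only ever be data.
    static String quoted(String input) {
        return "x = '" + encodeForJs(input) + "';";
    }

    // When x must be a number, validate against an allow-list instead of encoding.
    private static final Pattern INT = Pattern.compile("-?\\d{1,9}");

    static String numeric(String input) {
        if (!INT.matcher(input).matches()) {
            throw new IllegalArgumentException("not an integer: rejected");
        }
        return "x = " + input + ";";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a number, text with a quote, a bare word.
        for (String s : new String[] { "42", "O'Reilly", "someGlobal" }) {
            System.out.println(unquoted(s) + "    vs.    " + quoted(s));
        }
        System.out.println(numeric("42"));
    }
}
```

            For the bare-word input the unquoted form is a reference to a variable of that name, while the quoted form is always a string; the encoder's output is identical in both, only the surrounding context differs.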

            REFERENCES

            [1] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 176

            [2] OWASP ESAPI Secure Coding Guideline


            Copyright 2013 Fortify Software - All rights reserved.
            (Generated from version 2013.1.1.0008 of the Fortify Secure Coding Rulepacks)
            desc.structural.java.often_misued_encoding
