How Angular prevents XSS attacks

小新
2020-12-23 09:42:44
Category: Network Security

An example of preventing XSS attacks in Angular:

Angular provides a DomSanitizer service, which offers the following methods:

    export enum SecurityContext { NONE, HTML, STYLE, SCRIPT, URL, RESOURCE_URL }

    export abstract class DomSanitizer implements Sanitizer {
      // Filters out malicious code; the security context to filter for can be set
      abstract sanitize(context: SecurityContext, value: SafeValue|string|null): string|null;

      // Skip the HTML check
      abstract bypassSecurityTrustHtml(value: string): SafeHtml;

      // Skip the style check
      abstract bypassSecurityTrustStyle(value: string): SafeStyle;

      // Skip the script check
      abstract bypassSecurityTrustScript(value: string): SafeScript;

      // Skip the URL check
      abstract bypassSecurityTrustUrl(value: string): SafeUrl;

      // Skip the resource URL check
      abstract bypassSecurityTrustResourceUrl(value: string): SafeResourceUrl;
    }

Use this service to guard against XSS attacks, for example:

    // html
    <h4>An untrusted URL:</h4>
    <p><a [href]="dangerousUrl">Click me</a></p>
    <h4>A trusted URL:</h4>
    <p><a [href]="trustedUrl">Click me</a></p>

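    // ts
    import { Component } from '@angular/core';
    import { DomSanitizer, SafeUrl } from '@angular/platform-browser';

    @Component({
      // ... (component metadata elided in the original)
    })
    export class DemoComponent {
      dangerousUrl: string;
      trustedUrl: SafeUrl;

      constructor(private sanitizer: DomSanitizer) {
        this.dangerousUrl = 'javascript:alert("Hi there")';
        // Explicitly mark this URL as trusted (Angular skips the URL check for it)
        this.trustedUrl = sanitizer.bypassSecurityTrustUrl(this.dangerousUrl);
      }
    }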
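The component above switches the URL check off for a `javascript:` value. The following added example, which is not from the original article or from Angular's own code, gates `bypassSecurityTrustUrl` behind a scheme allow-list so that only expected URLs are ever marked as trusted. The names `UrlTruster`, `ALLOWED_SCHEMES`, `effectiveScheme`, `trustUrlIfAllowed` and `RecordingTruster` are hypothetical, and the allow-list contents are an assumption.

```typescript
// Added example. UrlTruster is a hypothetical structural stand-in for Angular's
// DomSanitizer so the block runs without @angular/platform-browser installed.
interface UrlTruster<T> {
  bypassSecurityTrustUrl(value: string): T;
}

// Assumption: the only schemes this application ever needs to mark as trusted.
const ALLOWED_SCHEMES: string[] = ['https', 'mailto'];

// Scheme as a browser URL parser sees it: leading/trailing C0 controls and
// spaces are stripped, tabs and newlines are dropped anywhere, and case is
// ignored. Returns null when there is no scheme (a relative URL).
function effectiveScheme(raw: string): string | null {
  const cleaned = raw
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
  if (!/^[a-zA-Z][a-zA-Z0-9+.\-]*:/.test(cleaned)) return null;
  return cleaned.slice(0, cleaned.indexOf(':')).toLowerCase();
}

// Mark a URL as trusted only when its scheme is allow-listed. Anything else
// comes back as a plain string, so Angular's default URL sanitization still
// applies when the value is bound to [href].
function trustUrlIfAllowed<T>(sanitizer: UrlTruster<T>, raw: string): T | string {
  const scheme = effectiveScheme(raw);
  if (scheme !== null && ALLOWED_SCHEMES.indexOf(scheme) !== -1) {
    return sanitizer.bypassSecurityTrustUrl(raw);
  }
  return raw;
}

// Constructed stub that records which values were marked as trusted.
class RecordingTruster implements UrlTruster<{ trusted: string }> {
  calls: string[] = [];
  bypassSecurityTrustUrl(value: string): { trusted: string } {
    this.calls.push(value);
    return { trusted: value };
  }
}

// Constructed sample inputs; the first is the article's dangerousUrl.
function demo(): string[] {
  const stub = new RecordingTruster();
  ['javascript:alert("Hi there")', ' JaVa\tScRiPt:alert(1)',
   'https://example.com/profile', '/relative/path']
    .forEach((s) => { trustUrlIfAllowed(stub, s); });
  return stub.calls; // only the https URL reached bypassSecurityTrustUrl
}
```

In a component, the injected `DomSanitizer` can be passed as `sanitizer`, since it satisfies the interface structurally.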
