<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8; X-Wap-Proxy-Cookie=none" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
    <title>烧杯大厅</title>
    <link type="text/css" href="app/style/chat.css?v=1.2" rel="stylesheet" />
</head>
<body>
<div class="top"><span class="name">烧杯在线聊天室</span></div>
<?php
require_once 'app/app.php';
// KEYS and rand_nick() come from app/app.php (not shown on this page).
if (empty(@$_COOKIE[KEYS.'_name'])) {
    echo '<div class="write login">
                <input type="text" value="'.rand_nick().'" id="nick" maxlength="5" placeholder="输入昵称..." />
                <a href="javascript:;" id="login" class="write-link send">进入</a>
</div>';
}
echo '<div class="talk mk-chat-box">
</div>
<div class="talk write">
                <input type="text" id="msg" maxlength="140" placeholder="聊点什么吧..." onkeyup="this.value=htmlspecialchars(this.value)" />
                <a href="javascript:;" id="send" class="write-link send" onclick="send()">发送</a>
</div>';
?>
<div class="foot">本聊天室禁止广告!打了死妈!!<a href="./">刷新</a></div>
<script src="app/style/jquery.min.js"></script>
<script src="app/style/chat.min.js"></script>
</body>
</html>
<p>Input filtering can be added to the input box, using the htmlspecialchars function to escape special characters and prevent XSS attacks. The modified code is as follows:</p>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8; X-Wap-Proxy-Cookie=none" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
    <title>烧杯大厅</title>
    <link type="text/css" href="app/style/chat.css?v=1.2" rel="stylesheet" />
</head>
<body>
<div class="top"><span class="name">烧杯在线聊天室</span></div>
<?php
require_once 'app/app.php';
// KEYS and rand_nick() come from app/app.php (not shown on this page).
if (empty($_COOKIE[KEYS.'_name'])) {
    // Escape every server-side value before placing it in HTML. ENT_QUOTES also
    // covers the single quote, which matters inside attribute values.
    echo '<div class="write login">
                <input type="text" value="'.htmlspecialchars(rand_nick(), ENT_QUOTES, 'UTF-8').'" id="nick" maxlength="5" placeholder="输入昵称..." />
                <a href="javascript:;" id="login" class="write-link send">进入</a>
</div>';
}
// htmlspecialchars() is a PHP function and does not exist in the browser, so an
// onkeyup="this.value=htmlspecialchars(this.value)" handler only throws a
// ReferenceError and escapes nothing. Messages must be escaped where they are
// output: with htmlspecialchars() in app.php when the server emits them, and in
// chat.min.js by inserting them as text (textContent) rather than as HTML.
echo '<div class="talk mk-chat-box">
</div>
<div class="talk write">
                <input type="text" id="msg" maxlength="140" placeholder="聊点什么吧..." />
                <a href="javascript:;" id="send" class="write-link send" onclick="send()">发送</a>
</div>';
?>
<div class="foot">本聊天室禁止广告!打了死妈!!<a href="./">刷新</a></div>
<script src="app/style/jquery.min.js"></script>
<script src="app/style/chat.min.js"></script>
</body>
</html>
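<p>The escaping described above, shown as an added JavaScript example that is not part of the original chat room code or its chat.min.js: a browser-side equivalent of PHP's htmlspecialchars with ENT_QUOTES, applied when a message is rendered into the chat box rather than in an onkeyup handler. It also shows why escaping the input field on every keystroke is the wrong place: the text is re-escaped each time. Function names, markup and the sample nickname and message are assumptions constructed here.</p>

```javascript
// Added example (not the chat room's own code). Browser-side equivalent of
// PHP's htmlspecialchars($s, ENT_QUOTES, 'UTF-8'), applied at output time.

// The same five characters PHP escapes with ENT_QUOTES: & < > " '
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#039;",
};

function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the markup for one chat line (assumed structure). Escaping happens
// here, when the message is rendered, so the stored message keeps its original
// text and both the attribute and text-node contexts are covered.
function renderMessage(nick, msg) {
  return '<p class="line"><span class="nick" title="' + escapeHtml(nick) + '">' +
         escapeHtml(nick) + '</span>: ' + escapeHtml(msg) + '</p>';
}

// What an input-time handler does: it rewrites the field on every keystroke,
// so text escaped once is escaped again ('&' -> '&amp;' -> '&amp;amp;') while
// the rendering step is still left unprotected.
function escapeOnEveryKeystroke(text, keystrokes) {
  let value = text;
  for (let i = 0; i < keystrokes; i++) value = escapeHtml(value);
  return value;
}

// Constructed sample input: a nickname and a message carrying markup characters.
const SAMPLE_NICK = 'A"b';
const SAMPLE_MSG = '<b>hi</b> & "friends" \'all\'';

console.log(renderMessage(SAMPLE_NICK, SAMPLE_MSG));
console.log(escapeOnEveryKeystroke("&", 2));
```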
Preventing XSS attacks: chat room input filtering

Original source: https://www.cveoy.top/t/topic/nqQ6 Copyright belongs to the author. Do not repost or scrape!
