28,391
社区成员
发帖
与我相关
我的任务
分享跨站脚本漏洞怎么解决?
说这个ASP有跨站脚本错误,建议使用htmlencode函数对所有输入和输出变量进行过滤,可是我加了就报错,求怎么修改?
<%@ Language=VBScript %>
<HTML><HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE>系统提示</TITLE>
<%
dim error_kind,error_code,error_msg,title,content,nextUrl
error_kind=Request.QueryString("error_kind")
error_code=Request.QueryString("error_code")
nextUrl=Request.QueryString("nextUrl")
error_msg=Trim(Request.QueryString("error_msg"))
if IsNumeric(error_kind) then
select case error_kind
case 01
ls_title="系统用户设置"
case 02
ls_title="后台数据库操作错误"
case 03
ls_title="错 误"
case else
ls_title="错 误"
end select
else
ls_title="信息"
end if
if isempty(error_msg) or isnull(error_msg) then
if isnumeric(error_code) then
ls_content="错误代码:"&Cstr(error_code)
else
ls_content="错误代码:"&error_code
end if
else
ls_content=error_msg
end if
ls_nextUrl="返回"
'nextUrl = "javascript:window.history.back()"
if IsNumeric(nextUrl) then
select case nextUrl
case 1
nextUrl = "javascript:parent.location.href = '/reports/'"
ls_nextUrl="返回首页"
case 2
nextUrl = "javascript:window.close()"
ls_nextUrl="关闭"
case 3
nextUrl = "javascript:window.history.back()"
ls_nextUrl="返回前页"
case else
if nextUrl <> "" then
nextUrl = "javascript:window.history.back()"
ls_nextUrl="返回前页"
end if
end select
else
if isempty(nextUrl) or isnull(nextUrl) then
nextUrl = "javascript:window.close()"
ls_nextUrl="关闭"
end if
end if
%>
</HEAD>
<BODY>
<center><table WIDTH=600 BORDER="0" CELLSPACING="5" CELLPADDING="5" height="100%">
<tr>
<td align="center" valign="middle"><table cellpadding="0" cellspacing="0" border="1" bordercolor=black width=300 >
<tr>
<td bgcolor="#ffffff">
<table width="100%" cellpadding="2" cellspacing="0" border="0" bordercolor=black>
<tr>
<td bgcolor="#336699" height=21 align=middle><font color="#ffffff">-=-=-=- <%=ls_title%> -=-=-=-<br></font>
</td></tr>
</table>
</td></tr><tr><td>
<table cellpadding="3" cellspacing="0" border="0" width="100%">
<tr>
<td bgcolor="#eeeeee">
<table cellpadding="10" cellspacing="5" border="0" width="100%" >
<tr>
<td align="middle" bgcolor="#eeeeee" valign=center><BR><%=ls_content%></td></tr>
</table>
<tr>
<td valign=center align="right" bgcolor="#eeeeee"><font face="verdana,geneva,helvetica" >[ <a href="<%=nextUrl%>" style="TEXT-DECORATION: none" Target="_top"><%=ls_nextUrl%></a> ]</font>
</td></tr>
</table>
</td></tr></table></td>
</tr>
</table>
</center>
</BODY>
</html>
<%@ Language=VBScript %>
<HTML><HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE>系统提示</TITLE>
<%
dim error_kind,error_code,error_msg,title,content,nextUrl
error_kind=Request.QueryString("error_kind")
error_code=Request.QueryString("error_code")
nextUrl=Request.QueryString("nextUrl")
error_msg=Trim(Request.QueryString("error_msg"))
if IsNumeric(error_kind) then
select case error_kind
case 01
ls_title="系统用户设置"
case 02
ls_title="后台数据库操作错误"
case 03
ls_title="错 误"
case else
ls_title="错 误"
end select
else
ls_title="信息"
end if
if isempty(error_msg) or isnull(error_msg) then
if isnumeric(error_code) then
ls_content="错误代码:"&Cstr(error_code)
else
ls_content="错误代码:"&error_code
end if
else
ls_content=error_msg
end if
ls_nextUrl="返回"
'nextUrl = "javascript:window.history.back()"
if IsNumeric(nextUrl) then
select case nextUrl
case 1
nextUrl = "javascript:parent.location.href = '/reports/'"
ls_nextUrl="返回首页"
case 2
nextUrl = "javascript:window.close()"
ls_nextUrl="关闭"
case 3
nextUrl = "javascript:window.history.back()"
ls_nextUrl="返回前页"
case else
if nextUrl <> "" then
nextUrl = "javascript:window.history.back()"
ls_nextUrl="返回前页"
end if
end select
else
if isempty(nextUrl) or isnull(nextUrl) then
nextUrl = "javascript:window.close()"
ls_nextUrl="关闭"
end if
end if
%>
</HEAD>
<BODY>
<center><table WIDTH=600 BORDER="0" CELLSPACING="5" CELLPADDING="5" height="100%">
<tr>
<td align="center" valign="middle"><table cellpadding="0" cellspacing="0" border="1" bordercolor=black width=300 >
<tr>
<td bgcolor="#ffffff">
<table width="100%" cellpadding="2" cellspacing="0" border="0" bordercolor=black>
<tr>
<td bgcolor="#336699" height=21 align=middle><font color="#ffffff">-=-=-=- <%=ls_title%> -=-=-=-<br></font>
</td></tr>
</table>
</td></tr><tr><td>
<table cellpadding="3" cellspacing="0" border="0" width="100%">
<tr>
<td bgcolor="#eeeeee">
<table cellpadding="10" cellspacing="5" border="0" width="100%" >
<tr>
<td align="middle" bgcolor="#eeeeee" valign=center><BR><%=ls_content%></td></tr>
</table>
<tr>
<td valign=center align="right" bgcolor="#eeeeee"><font face="verdana,geneva,helvetica" >[ <a href="<%=nextUrl%>" style="TEXT-DECORATION: none" Target="_top"><%=ls_nextUrl%></a> ]</font>
</td></tr>
</table>
</td></tr></table></td>
</tr>
</table>
</center>
</BODY>
</html>
...全文
请发表友善的回复…
发表回复
cimzzxiang 2008-08-07
- 打赏
- 举报
error_kind=server.htmlencode(Request.QueryString("error_kind"))
hyb2000 2008-08-07
- 打赏
- 举报
类型不匹配: 'htmlencode'
/reports/pub/error.asp,行8
这样的加的话报上面的错
error_kind=htmlencode(Request.QueryString("error_kind"))
/reports/pub/error.asp,行8
这样的加的话报上面的错
error_kind=htmlencode(Request.QueryString("error_kind"))
mmidd 2008-08-07
- 打赏
- 举报
报什么错啊?
