我的分页代码XSS跨站脚本漏洞如何处理
阿贝儿儿 2014-01-22 12:57:38 我的分页代码是
function showpage(totalnumber,maxperpage,filename)
dim n
if totalnumber mod maxperpage=0 then
n=totalnumber\maxperpage
else
n=totalnumber\maxperpage+1
end if
response.write"<form method=post action="&filename&">"
response.write"共<strong><font color='red'>"&totalnumber&"</font></strong>条 "
if CurrentPage<2 then
response.write"<font FONT-SIZE: 9pt>首页 上一页</font> "
else
response.write"<a href="&filename&"?page=1&>首页</a> "
response.write"<a href="&filename&"?page="¤tPage-1&">上一页</a> "
end if
if n-currentpage<1 then
response.write"<font FONT-SIZE: 9pt;>下一页 尾页</font>"
else
response.write"<a href="&filename&"?page="&(currentpage+1)&">下一页</a> "
response.write"<a href="&filename&"?page="&n&">尾页</a> "
end if
response.write" 页次:<strong><font color=red>"¤tpage&"</font>/"&n&"</strong>页 "
response.write"<input class=buttonface type='submit' value='转到' name='cndok' > "
response.write"第<input type='text' name='page' size=2 maxlength=3 class=smallinput value="¤tpage&">页</form>"
end function
用百度检测 XSS跨站脚本漏洞
请求POST参数cndok=转到&page=1'>\';</script>>\"><script>alert(1)</script>'
请高手在指点一下这个漏洞如何处理