求求大神帮我修复一下XSS漏洞,谢谢大神啊。求您了
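<!-- Search controls. search() reads the value of #search_key and sends it as the keyword query parameter of SearchResults.aspx. The server must treat that parameter as untrusted input, whatever the script on this page checks. The aria-label attributes give both controls an accessible name (the submit button has an empty value). -->
<input type="text" class="input1" id="search_key" name="keyword" aria-label="搜索关键字" />
<input type="submit" value="" id="search_btn" class="Searchbutton" aria-label="搜索" />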
<!--top end-->
<script type="text/javascript">
// Once the DOM is ready, run search() whenever the search button is clicked.
// NOTE(review): #search_btn is type="submit"; if these controls sit inside a
// <form> (not visible in this snippet) the click would also submit that form.
// Confirm against the full page.
$(document).ready(function () {
    var searchButton = $("#search_btn");
    searchButton.click(function () {
        search();
    });
});
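/**
 * Read the search box, reject empty input or input containing a disallowed
 * character, and otherwise navigate to the results page with the keyword in
 * the query string.
 *
 * SECURITY: this check runs in the visitor's browser, so it is a usability
 * aid and not an XSS fix. SearchResults.aspx can be requested directly with
 * any keyword value, bypassing this function entirely. The fix belongs on the
 * server: SearchResults.aspx has to encode the keyword for the context it is
 * written into (for HTML text, e.g. HttpUtility.HtmlEncode) every time it
 * echoes the value, and must not depend on this character blacklist.
 */
function search() {
    var SPECIAL_STR = "¥#$~!@%^&*();'\"?><[]{}\\|,:/=+—“”‘";
    var box = $("#search_key");
    var keyword = box.val();
    var i, ch; // declared locally; the original leaked `i` as an implicit global

    if (keyword == "") {
        alert("请输入关键字!");
        return;
    }

    // Validate the whole keyword before navigating. The original assigned
    // window.location inside the loop, so navigation started as soon as the
    // first character passed and later characters were never an obstacle.
    for (i = 0; i < keyword.length; i++) {
        ch = keyword.charAt(i);
        if (SPECIAL_STR.indexOf(ch) != -1) {
            alert("不能填写非法字符(" + ch + ")!");
            box.focus();
            box.select();
            return;
        }
    }

    // NOTE(review): escape() is deprecated and emits %uXXXX for non-ASCII
    // text. encodeURIComponent() is the standard replacement, but it changes
    // the bytes the server receives; switch only after confirming that
    // SearchResults.aspx decodes the query string as UTF-8.
    window.location = "SearchResults.aspx?keyword=" + escape(keyword);
}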
</script>
</div>