没分了,,请见谅
测试软件一直提示高风险 Stored XSS
jsp页面引入另一个jsp页面 ,试了2种引入都有问题
原页面代码
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ page isELIgnored="false" %>
<%@ include file="taglibs.jsp" %>
<%@ page import="org.springframework.web.util.HtmlUtils" %>
<html>
<head>
<title>提示信息</title>
<link rel="stylesheet" type="text/css" href="/skin/manage/css/main.css">
<link rel="stylesheet" type="text/css" href="/frame_res/js/jquery-easyui-1.3.5/themes/default/easyui.css">
<link rel="stylesheet" type="text/css" href="/frame_res/js/jquery-easyui-1.3.5/themes/icon.css">
<link rel="stylesheet" type="text/css" href="/frame_res/js/jquery-easyui-1.3.5/themes/demo.css">
<link rel="stylesheet" type="text/css" href="/frame_res/css/style.css">
<link rel="stylesheet" type="text/css" href="/frame_res/css/main.css" />
<script type="text/javascript" src="/assets/js/jquery-2.1.1.min.js"></script>
<script type="text/javascript" src="/frame_res/js/jquery-easyui-1.3.5/jquery.easyui.min.js"></script>
<script type="text/javascript" src="/frame_res/js/jquery-easyui-1.3.5/locale/easyui-lang-zh_CN.js"></script>
<script type="text/javascript" src="/frame_res/js/artDialog/jquery.artDialog.source.js?skin=blue"></script>
<script type="text/javascript" src="/frame_res/js/artDialog/plugins/iframeTools.js"></script>
<script type="text/javascript" src="/frame_res/js/constant.js"></script>
<script type="text/javascript" src="/frame_res/js/main.js"></script>
</head>
<body bgColor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" >
被引入页面代码
<%@ taglib uri="http://java.sun.com/jsp/jstl/fn" prefix="fn"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page import="org.springframework.web.util.HtmlUtils" %>
<c:set var="contextPath" value="${pageContext.request.contextPath}" scope="request" />
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>