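As the title says: when it comes to preventing XSS attacks, should HTML encoding be applied when the user submits input, or when the page outputs it? Which approach is better?
Personally I feel that encoding at input time would be more convenient, because there are many pages that output the content, and encoding every time makes it easy to miss one; but in practice, encoding at output time seems to be more common?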
For XSS filtering, remember: it must be filtered on the server side!!! Be sure to filter when outputting!!!
Server side: Write the escape of the library and escape when displaying
I usually escape when typing to prevent SQL injection
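An added example, not part of the thread, that works through the trade-off raised in the question: text HTML-encoded once at input time is compared with raw text encoded at output time by the encoder that matches each sink. The function names, the sample string and the `/search` URL are constructed for illustration.

```python
import html
import json
from urllib.parse import quote

# Constructed sample input, as a user might type it into a comment form.
RAW = 'Tom & "Jerry" <script>alert(1)</script>'

def encode_on_input(value):
    """Input-time approach: HTML-encode once, then store the encoded text."""
    return html.escape(value, quote=True)

def render_html_body(value):
    """Output-time approach, HTML text node."""
    return "<p>" + html.escape(value, quote=True) + "</p>"

def render_html_attr(value):
    """Output-time approach, double-quoted attribute value."""
    return '<input value="' + html.escape(value, quote=True) + '">'

def render_js_string(value):
    """Output-time approach, data inside an inline <script> block.
    JSON-encode, then escape <, > and & so that a literal </script> in the
    value cannot close the element (HTML entities are not decoded there)."""
    encoded = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        encoded = encoded.replace(ch, esc)
    return "<script>var name = " + encoded + ";</script>"

def render_url_param(value):
    """Output-time approach, query-string value: percent-encode."""
    return '<a href="/search?q=' + quote(value, safe="") + '">search</a>'

def demo():
    stored = encode_on_input(RAW)  # what the input-time approach saves
    return {
        # A template that also escapes on output double-encodes stored data.
        "input_then_output": render_html_body(stored),
        # Non-HTML consumers (JSON API, e-mail, CSV) receive the entities.
        "input_in_json": json.dumps({"name": stored}),
        # Storing RAW lets each sink apply the encoder that matches it.
        "body": render_html_body(RAW),
        "attr": render_html_attr(RAW),
        "js": render_js_string(RAW),
        "url": render_url_param(RAW),
    }

if __name__ == "__main__":
    for sink, markup in demo().items():
        print(f"{sink:18}{markup}")
```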