修复建议:建议对用户得输入与输出进行过滤,过滤一些比较危险得标签和关键字,如<script></script>、alert等
代码如下:在input输入框加入onblur事件;定义οnblur="checkText('id',this.value)";id为文本框DOM id 属性
//验证文本框输入特殊字符
function checkText(id,text){//xss攻击特殊字符过滤
var arr=new Array();
arr=["alert","eval","<script>","</script>","onblur","onload","onfocus","onerror","onclick","onMouseOver",
"onMouseOut","onSelect","onChange","onSubmit","console","href",
"<iframe>","</iframe>","<img>","</img>","<iframe>","</iframe>","<video>","</video>",
"<canvas>","</canvas>","<label>","</label>","<span>","</span>","document","location","javascript"];
$.each(arr,function(index,value){
if(text.indexOf(value)!=-1){
layer.msg("输入信息包含"+value+"特殊字符", {
icon : 5,
anim : 5,
time : 1000,
shade : 0.5
});
$('#'+id).val("");
$('#'+id).focus();
return false;
}
});
}