今天就开通帐号,24,700 门业界名师课程任您挑!
Solution: Securing output
(upbeat music) - [Instructor] So here's my solution, the form can stay a string because it doesn't have any parameters, but the login template, which generates the data dynamically is using now HTML template showing the status. Another thing we're doing is, we are doing return after the authentication error to make sure that there are no problems and now we execute the template. Let's run this code, open the debug console to see that it's running and now we can try it out. If you go here and start without, will say just bad login, but if you go back and save the user and the password, we will get the script and the vulnerability of the XSS is not going to trigger.
下载课程离线学习
下载课程到移动设备,轻松离线学习。在领英学习 iOS 或安卓版 APP 下载课程