代码不用看 ,主要是针对这些代码,应该怎么处理,防止产生注入漏洞? 第一个,QQ在线状态
<a href="http://sighttp.qq.com/cgi-bin/check?sigkey=5bf6eba51bf938d5420047350b0ba58ed6e915a7e8de29ce2c49cdbe3df09961"; target=_blank; onclick="var tempSrc='http://sighttp.qq.com/wpa.js?rantime='+Math.random()+'&sigkey=5bf6eba51bf938d5420047350b0ba58ed6e915a7e8de29ce2c49cdbe3df09961';var oldscript=document.getElementById('testJs');var newscript=document.createElement('script');newscript.setAttribute('type','text/javascript'); newscript.setAttribute('id', 'testJs');newscript.setAttribute('src',tempSrc);if(oldscript == null){document.body.appendChild(newscript);}else{oldscript.parentNode.replaceChild(newscript, oldscript);}return false;"><img border="0" SRC='http://wpa.qq.com/pa?p=1:21555059:41' alt=""></a> 第二个,msn在线状态 <script type="text/javascript" src="http://settings.messenger.live.com/controls/1.0/PresenceButton.js"></script>
<div
id="Microsoft_Live_Messenger_PresenceButton_762f81dbd700232f"
msgr:width="100"
msgr:backColor="#FC9E60"
msgr:altBackColor="#FFFFFF"
msgr:foreColor="#424542"
msgr:conversationUrl="http://settings.messenger.live.com/Conversation/[email protected]&mkt=zh-cn&useTheme=true&themeName=orange&foreColor=333333&backColor=FDC098&linkColor=333333&borderColor=FB8233&buttonForeColor=333333&buttonBackColor=FFC9A5&buttonBorderColor=FB8233&buttonDisabledColor=FFC9A5&headerForeColor=333333&headerBackColor=FC9E60&menuForeColor=333333&menuBackColor=FFFFFF&chatForeColor=333333&chatBackColor=FFFFFF&chatDisabledColor=F6F6F6&chatErrorColor=760502&chatLabelColor=6E6C6C"></div>
<script type="text/javascript" src="http://messenger.services.live.com/users/[email protected]/presence?dt=&mkt=zh-cn&cb=Microsoft_Live_Messenger_PresenceButton_onPresence"></script>
<a href="http://sighttp.qq.com/cgi-bin/check?sigkey=5bf6eba51bf938d5420047350b0ba58ed6e915a7e8de29ce2c49cdbe3df09961"; target=_blank; onclick="var tempSrc='http://sighttp.qq.com/wpa.js?rantime='+Math.random()+'&sigkey=5bf6eba51bf938d5420047350b0ba58ed6e915a7e8de29ce2c49cdbe3df09961';var oldscript=document.getElementById('testJs');var newscript=document.createElement('script');newscript.setAttribute('type','text/javascript'); newscript.setAttribute('id', 'testJs');newscript.setAttribute('src',tempSrc);if(oldscript == null){document.body.appendChild(newscript);}else{oldscript.parentNode.replaceChild(newscript, oldscript);}return false;"><img border="0" SRC='http://wpa.qq.com/pa?p=1:21555059:41' alt=""></a> 第二个,msn在线状态 <script type="text/javascript" src="http://settings.messenger.live.com/controls/1.0/PresenceButton.js"></script>
<div
id="Microsoft_Live_Messenger_PresenceButton_762f81dbd700232f"
msgr:width="100"
msgr:backColor="#FC9E60"
msgr:altBackColor="#FFFFFF"
msgr:foreColor="#424542"
msgr:conversationUrl="http://settings.messenger.live.com/Conversation/[email protected]&mkt=zh-cn&useTheme=true&themeName=orange&foreColor=333333&backColor=FDC098&linkColor=333333&borderColor=FB8233&buttonForeColor=333333&buttonBackColor=FFC9A5&buttonBorderColor=FB8233&buttonDisabledColor=FFC9A5&headerForeColor=333333&headerBackColor=FC9E60&menuForeColor=333333&menuBackColor=FFFFFF&chatForeColor=333333&chatBackColor=FFFFFF&chatDisabledColor=F6F6F6&chatErrorColor=760502&chatLabelColor=6E6C6C"></div>
<script type="text/javascript" src="http://messenger.services.live.com/users/[email protected]/presence?dt=&mkt=zh-cn&cb=Microsoft_Live_Messenger_PresenceButton_onPresence"></script>
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货