{"id":10018,"date":"2022-10-31T17:23:41","date_gmt":"2022-10-31T09:23:41","guid":{"rendered":"https:\/\/bhcom.tki.tw\/%e6%9c%aa%e5%88%86%e9%a1%9e\/10018"},"modified":"2022-10-31T17:23:41","modified_gmt":"2022-10-31T09:23:41","slug":"%e9%a7%ad%e5%ae%a2%e6%94%bb%e6%93%8a%e6%89%8b%e6%b3%95%e5%88%86%e4%ba%ab-%e4%bb%80%e9%ba%bc%e6%98%af%e8%b7%a8%e7%ab%99%e8%85%b3%e6%9c%ac%e6%94%bb%e6%93%8across-site-scripting-xss","status":"publish","type":"post","link":"https:\/\/www.baohwatrust.com\/en\/technical-article\/10018","title":{"rendered":"\u99ed\u5ba2\u653b\u64ca\u624b\u6cd5\u5206\u4eab-\u4ec0\u9ebc\u662f\u8de8\u7ad9\u8173\u672c\u653b\u64ca(Cross-Site-Scripting, XSS)?"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-4s6hqo-65570a3c612e7dc6a57996562fc9ebf2\">\n.flex_column.av-4s6hqo-65570a3c612e7dc6a57996562fc9ebf2{\n-webkit-border-radius:0px 0px 0px 0px;\n-moz-border-radius:0px 0px 0px 0px;\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div class='flex_column av-4s6hqo-65570a3c612e7dc6a57996562fc9ebf2 av_one_full  avia-builder-el-0  el_before_av_heading  avia-builder-el-first  first flex_column_div av-zero-column-padding '     ><style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l5mas88s-5221d31d4873b23902a9a9bf81946e51\">\n.avia-image-container.av-l5mas88s-5221d31d4873b23902a9a9bf81946e51 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-l5mas88s-5221d31d4873b23902a9a9bf81946e51 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-l5mas88s-5221d31d4873b23902a9a9bf81946e51 av-styling- avia-align-center  avia-builder-el-1  avia-builder-el-no-sibling '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img class='wp-image-9813 avia-img-lazy-loading-not-9813 avia_image ' 
src='https:\/\/www.baohwatrust.com\/wp-content\/uploads\/2022\/10\/\u5716\u7247\u88fd\u4f5c.jpg' alt='\u8de8\u7ad9\u8173\u672c\u653b\u64ca' title='\u8de8\u7ad9\u8173\u672c\u653b\u64ca'  height=\"720\" width=\"1280\"  itemprop=\"thumbnailUrl\"  \/><\/div><\/div><\/div><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l9wk2dtn-eb21f360ef92ecd01ef9f6f61e58690f\">\n#top .av-special-heading.av-l9wk2dtn-eb21f360ef92ecd01ef9f6f61e58690f{\nmargin:0 0 0% 0;\npadding-bottom:10px;\ncolor:#efaf1a;\n}\nbody .av-special-heading.av-l9wk2dtn-eb21f360ef92ecd01ef9f6f61e58690f .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-l9wk2dtn-eb21f360ef92ecd01ef9f6f61e58690f .special-heading-inner-border{\nborder-color:#efaf1a;\n}\n.av-special-heading.av-l9wk2dtn-eb21f360ef92ecd01ef9f6f61e58690f .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-l9wk2dtn-eb21f360ef92ecd01ef9f6f61e58690f av-special-heading-h2 custom-color-heading blockquote modern-quote  avia-builder-el-2  el_after_av_one_full  el_before_av_one_full '><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >\u99ed\u5ba2\u653b\u64ca\u624b\u6cd5\u5206\u4eab-\u4ec0\u9ebc\u662f\u8de8\u7ad9\u8173\u672c\u653b\u64ca(Cross-Site-Scripting, XSS)?<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><\/p>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-2aree8-6b7d08dc1462ae7391d3ad553a0b2430\">\n.flex_column.av-2aree8-6b7d08dc1462ae7391d3ad553a0b2430{\n-webkit-border-radius:0px 0px 0px 0px;\n-moz-border-radius:0px 0px 0px 0px;\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div class='flex_column av-2aree8-6b7d08dc1462ae7391d3ad553a0b2430 av_one_full  avia-builder-el-3  el_after_av_heading  avia-builder-el-last  first flex_column_div av-zero-column-padding '     ><p>\n<style type=\"text\/css\" 
data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_heading-f90a263a2ae4e87661ab39e91e180670\">\n#top .av-special-heading.av-av_heading-f90a263a2ae4e87661ab39e91e180670{\nmargin:0 0 -3% 0;\npadding-bottom:10px;\n}\nbody .av-special-heading.av-av_heading-f90a263a2ae4e87661ab39e91e180670 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-av_heading-f90a263a2ae4e87661ab39e91e180670 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-av_heading-f90a263a2ae4e87661ab39e91e180670 av-special-heading-h3 blockquote modern-quote  avia-builder-el-4  el_before_av_textblock  avia-builder-el-first '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >\u4ec0\u9ebc\u662f XSS?<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l5makhf8-e9988d0dc08ec5d692f4c51b59119c11\">\n#top .av_textblock_section.av-l5makhf8-e9988d0dc08ec5d692f4c51b59119c11 .avia_textblock{\nfont-size:18px;\n}\n<\/style>\n<section  class='av_textblock_section av-l5makhf8-e9988d0dc08ec5d692f4c51b59119c11'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>\u8de8\u7ad9\u8173\u672c\u653b\u64ca (Cross-Site Scripting, XSS)\uff0c\u662f\u4e00\u7a2e\u6ce8\u5165\u578b\u7684\u653b\u64ca\u578b\u614b\u3002\u7576\u5b58\u5728\u9019\u985e\u578b\u5f31\u9ede\uff0c<span style=\"color: #800000;\">\u5c07\u53ef\u4ee5\u4f7f\u5f97\u4efb\u610f JavaScript \u7a0b\u5f0f\u78bc\u63d2\u5165\u5230\u7db2\u7ad9\u9801\u9762\u4e2d\u57f7\u884c\u4ee5\u9054\u5230\u653b\u64ca\u76ee\u7684<\/span>\uff0c\u901a\u5e38\u653b\u64ca\u8005\u5229\u7528\u8a72\u7db2\u9801\u4e00\u4e9b\u53ef\u4ee5\u8207\u4f7f\u7528\u8005\u4e92\u52d5\u7684\u529f\u80fd\u5982\u641c\u5c0b\u6b04\u3001\u767b\u5165\u4ecb\u9762\u7b49\u7b49\u5728 HTML 
\u9801\u9762\u88e1\u63d2\u5165\u60e1\u610f\u7a0b\u5f0f\u78bc\uff0c\u7576\u4f7f\u7528\u8005\u700f\u89bd\u8a72\u9801\u9762\u6642\u6f5b\u85cf\u5728 HTML \u4e2d\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\u5373\u88ab\u57f7\u884c\u5f9e\u800c\u9054\u5230\u653b\u64ca\u8005\u7684\u7279\u6b8a\u76ee\u7684\u5982 Cookie \u7aca\u53d6\u3001\u9375\u76e4\u5074\u9304\u7b49\u3002<\/p>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l9wkke6r-342857f618a7ea61ce3b608e39dd00eb\">\n#top .av-special-heading.av-l9wkke6r-342857f618a7ea61ce3b608e39dd00eb{\nmargin:3% 0 -3% 0;\npadding-bottom:10px;\n}\nbody .av-special-heading.av-l9wkke6r-342857f618a7ea61ce3b608e39dd00eb .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-l9wkke6r-342857f618a7ea61ce3b608e39dd00eb .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-l9wkke6r-342857f618a7ea61ce3b608e39dd00eb av-special-heading-h3 blockquote modern-quote  avia-builder-el-6  el_after_av_textblock  el_before_av_textblock '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >XSS \u7522\u751f\u539f\u56e0<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l5makhf8-e9988d0dc08ec5d692f4c51b59119c11\">\n#top .av_textblock_section.av-l5makhf8-e9988d0dc08ec5d692f4c51b59119c11 .avia_textblock{\nfont-size:18px;\n}\n<\/style>\n<section  class='av_textblock_section av-l5makhf8-e9988d0dc08ec5d692f4c51b59119c11'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>\u5f62\u6210 XSS\u5f31\u9ede\u7684\u4e3b\u8981\u539f\u56e0\u662f<span style=\"color: 
#800000;\">\u670d\u52d9\u4f3a\u670d\u5668\u7aef\u7a0b\u5f0f\u5c0d\u8f38\u5165\u548c\u8f38\u51fa\u4e4b\u63a7\u5236\u4e0d\u5920\u56b4\u8b39<\/span>\uff0c\u4ee5\u81f3\u65bc\u8173\u672c\u8f38\u5165\u5f8c\u518d\u8f38\u51fa\u5230\u524d\u7aef\u6642\u88ab\u700f\u89bd\u5668\u89e3\u6790\u6210\u7a0b\u5f0f\u78bc\u7684\u4e00\u90e8\u5206\u57f7\u884c\u4e26\u53ef\u80fd\u7522\u751f\u5371\u5bb3\u3002<\/p>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l9wklb8r-c880327785e7eb57d43c94825b67b1bc\">\n#top .av-special-heading.av-l9wklb8r-c880327785e7eb57d43c94825b67b1bc{\nmargin:3% 0 -3% 0;\npadding-bottom:10px;\n}\nbody .av-special-heading.av-l9wklb8r-c880327785e7eb57d43c94825b67b1bc .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-l9wklb8r-c880327785e7eb57d43c94825b67b1bc .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-l9wklb8r-c880327785e7eb57d43c94825b67b1bc av-special-heading-h3 blockquote modern-quote  avia-builder-el-8  el_after_av_textblock  el_before_av_textblock '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >XSS \u7a2e\u985e<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-l6lub1bh-bfa9fc175dabf1060e5e29fca6b1e20c'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><strong><span style=\"color: #000000;\">1. 
Reflected XSS<\/span><\/strong><br \/>\n\u70ba\u53cd\u5c04\u578b\u4e4b XSS \uff0c\u6240\u8b02\u53cd\u5c04\u578b\u7684\u610f\u601d\u662f\u56e0\u70ba\u4f3a\u670d\u5668\u56de\u50b3\u7684 HTML \u8cc7\u6599\u4e2d\u67d0\u4e9b\u6578\u64da\u9700\u900f\u904e URL \u4e2d\u7684\u67e5\u8a62\u53c3\u6578\u5f97\u4f86\uff0c\u5c31\u50cf\u5728 URL \u4e2d\u8f38\u5165\u7684\u8cc7\u6599\u6703\u53cd\u5c04\u81f3\u56de\u50b3\u7684 HTML \u6a94\u6848\u4e2d\u3002\u4ee5\u4e0bXSS\u53ef\u80fd\u662f\u99ed\u5ba2\u60f3\u57f7\u884c\u7684\u5167\u5bb9\uff0c\u5982:\u8df3\u51fa\u4e0d\u96c5\u5716\u7247\u3001\u5047\u6d88\u606f\u3001\u8df3\u8f49\u81f3\u60e1\u610f\u6216\u91e3\u9b5a\u7db2\u9801\uff0c<span class=\"TextRun SCXW20943158 BCX9\" lang=\"ZH-TW\" xml:lang=\"ZH-TW\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW20943158 BCX9\">\u53ef\u80fd\u767c\u751f\u6b64\u7a2e\u653b\u64ca\u7684\u4f4d\u7f6e\u5982\u4e0b<\/span><\/span><span class=\"TextRun SCXW20943158 BCX9\" lang=\"ZH-TW\" xml:lang=\"ZH-TW\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW20943158 BCX9\">:<\/span><\/span><span class=\"EOP SCXW20943158 BCX9\" data-ccp-props=\"{\">\u00a0<\/span><\/p>\n<ul>\n<li>HTML\u00a0\u7684\u6a19\u7c64\u4e4b\u9593\uff0c\u4f8b\u5982\uff1a{XSS}<\/li>\n<li>HTML \u7684\u5c6c\u6027\uff0c\u4f8b\u5982\uff1a&lt;\u00a0 input name=&quot;test&quot; value=&quot;{XSS}&quot;\u00a0 &gt;<\/li>\n<li>HTML \u4e2d\u6539\u8b8a URL\uff0c\u4f8b\u5982\uff1a&lt; a href={XSS}&gt;<\/li>\n<li>CSS\u00a0\u7684\u503c\uff0c\u4f8b\u5982\uff1acolor:{XSS}<\/li>\n<li>JavaScript\u00a0\u4e2d\uff0c\u4f8b\u5982\uff1avar name={XSS}<\/li>\n<\/ul>\n<p><strong><span style=\"color: #000000;\">2<\/span><span style=\"color: #000000;\">. 
Stored XSS<\/span><\/strong><br \/>\n\u70ba\u5132\u5b58\u578b\u4e4b XSS \uff0c\u6240\u8b02\u5132\u5b58\u578b\u7684\u610f\u601d\u662f\u8b93 JavaScript \u53ef\u4ee5\u5132\u5b58\u5728\u7db2\u7ad9\u8cc7\u6599\u5eab\u4e2d\uff0c\u4f8b\u5982\u7121\u540d\u5c0f\u7ad9\u7684\u7559\u8a00\u677f\uff0c\u56e0\u6b64\u653b\u64ca\u8005\u82e5\u5c07\u60e1\u610f JavaScript \u7a0b\u5f0f\u78bc\u900f\u904e\u7559\u8a00\u677f\u5b58\u9032\u4f3a\u670d\u5668\u5f8c\u7aef\u8cc7\u6599\u5eab\u4e2d\uff0c\u6bcf\u7576\u6709\u4f7f\u7528\u8005\u700f\u89bd\u8a72\u7559\u8a00\u677f\uff0c\u60e1\u610f\u7a0b\u5f0f\u78bc\u5c07\u6703\u5f9e\u8cc7\u6599\u5eab\u5f8c\u7aef\u88ab\u6488\u51fa\u4f86\u4e26\u57f7\u884c\u3002\u56e0\u60e1\u610f\u7a0b\u5f0f\u78bc\u5b58\u9032\u8cc7\u6599\u5eab\u6bcf\u6b21\u700f\u89bd\u5373\u57f7\u884c\uff0c\u4ea6\u6709\u6301\u7e8c\u578b XSS \u4e00\u7a31\u3002<\/p>\n<p><strong><span style=\"color: #000000;\">3<\/span><span style=\"color: #000000;\">. DOM Based XSS<\/span><\/strong><br \/>\nDOM (Document Object Model) \u70ba\u6587\u4ef6\u7269\u4ef6\u6a21\u578b\u7684\u7e2e\u5beb\uff0c\u662f\u628a\u4e00\u4efd HTML \u6587\u4ef6\u5167\u7684\u6a19\u7c64\u5b9a\u7fa9\u6210\u7269\u4ef6\u3002DOM \u65e8\u5728\u898f\u7bc4\u4e00\u500b\u6a19\u6e96\u4f7f\u5f97\u4e0d\u540c\u516c\u53f8\u53ef\u4ee5\u6309\u7167\u898f\u5247\u8a2d\u8a08\u700f\u89bd\u5668\uff0c\u5982\u6b64\u4e00\u4f86\u5c31\u4e0d\u9808\u7528\u91dd\u5c0d\u4e0d\u540c\u700f\u89bd\u5668\u7de8\u5beb\u4e0d\u540c\u7684\u7db2\u9801\u7a0b\u5f0f\u3002\u8207\u524d\u5169\u7a2e XSS \u653b\u64ca\u985e\u578b\u5dee\u5225\u5728\u65bc\u6240\u586b\u5165\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\u662f\u5426\u5728\u524d\u7aef\u88ab\u6e32\u67d3\u51fa\u4f86\uff0c\u800c\u9019\u985e\u7d93\u7531 JavaScript \u5728\u524d\u7aef\u6e32\u67d3\u6240\u7522\u751f\u7684 XSS \u5f31\u9ede\u88ab\u7a31\u70ba DOM Based XSS\u3002<\/p>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l9wk0bpg-6eab4ff9cc4cd5ca08b5c0c3f219eec9\">\n#top 
.av-special-heading.av-l9wk0bpg-6eab4ff9cc4cd5ca08b5c0c3f219eec9{\nmargin:3% 0 -2% 0;\npadding-bottom:10px;\n}\nbody .av-special-heading.av-l9wk0bpg-6eab4ff9cc4cd5ca08b5c0c3f219eec9 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-l9wk0bpg-6eab4ff9cc4cd5ca08b5c0c3f219eec9 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-l9wk0bpg-6eab4ff9cc4cd5ca08b5c0c3f219eec9 av-special-heading-h3 blockquote modern-quote  avia-builder-el-10  el_after_av_textblock  el_before_av_textblock '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >XSS \u53ef\u4ee5\u505a\u5230\u90a3\u4e9b\u4e8b<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-l6lub1bh-bfa9fc175dabf1060e5e29fca6b1e20c'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><ul>\n<li><span style=\"color: #000000;\">\u7aca\u53d6 Cookie<\/span><br \/>\n\u653b\u64ca\u8005\u53ef\u5728 JavaScript \u4e2d\u900f\u904e\u00a0document.cookie\u00a0\u53d6\u5f97 Cookie \u8a0a\u606f\u3002<br \/>\nCookie \u901a\u5e38\u88ab\u7528\u4f86\u4f7f\u7db2\u7ad9\u8fa8\u8a8d\u4f7f\u7528\u8005\u8eab\u5206\uff0c\u4f8b\u5982\u8f38\u5165\u5e33\u865f\u5bc6\u78bc\u767b\u5165 Facebook \u6210\u529f\u5f8c\uff0c\u4e0b\u6b21\u8a2a\u554f\u5c31\u6703\u56e0\u70ba\u651c\u5e36\u542b\u6709\u767b\u5165\u8cc7\u8a0a\u7684 Cookie \u800c\u4e0d\u7528\u518d\u6b21\u767b\u5165\u9a57\u8b49\u8eab\u5206\u3002\u56e0\u6b64\u7576\u653b\u64ca\u8005\u53d6\u5f97\u5408\u6cd5\u4f7f\u7528\u8005\u4e4b Cookie \u5f8c\uff0c\u4ee5\u524d\u8ff0\u4f8b\u5b50\u800c\u8a00\u5373\u53ef\u7121\u9700\u5e33\u865f\u5bc6\u78bc\u767b\u5165\u4ed6\u4eba\u5e33\u6236\uff0c\u518d\u900f\u904e\u66f4\u6539\u5bc6\u78bc\u53d6\u5f97\u8a72\u5e33\u6236\u7684\u4f7f\u7528\u6b0a\u7b49\u7b49\u5371\u5bb3\u3002<\/li>\n<li><span style=\"color: 
#000000;\">\u8df3\u8f49\u60e1\u610f\u7db2\u7ad9<\/span><br \/>\n\u900f\u904e\u5728\u7db2\u5740\u5217\u63d2\u5165\u60e1\u610f JavaScript \u4ee3\u78bc\u4f7f\u5f97\u8a2a\u554f\u7684\u7db2\u7ad9\u88ab\u8df3\u8f49\u81f3\u60e1\u610f\u6216\u91e3\u9b5a\u7db2\u7ad9\uff0c\u5c0e\u81f4\u6a5f\u654f\u8cc7\u6599\u6d29\u6f0f\u7b49\u7b49\u3002<\/li>\n<li><span style=\"color: #000000;\">\u9375\u76e4\u5074\u9304<\/span><br \/>\nJavaScript \u80fd\u505a\u5230\u7684\u9060\u9060\u4e0d\u6b62\u65bc\u6b64\uff0c\u5176\u4e2d\u5f37\u5927\u7684\u529f\u80fd\u53ef\u4ee5\u8a18\u9304\u4f7f\u7528\u8005\u5728\u700f\u89bd\u5668\u7684\u5927\u90e8\u5206\u64cd\u4f5c\uff0c\u4f8b\u5982\u9375\u76e4\u5074\u9304\u7b49\u7b49\u53ef\u5c07\u4f7f\u7528\u8005\u7684\u5e33\u865f\u5bc6\u78bc\u4e00\u89bd\u7121\u907a\uff0cXSS\u4e4b\u5371\u5bb3\u4ee5\u4e0a\u50c5\u50c5\u662f\u51b0\u5c71\u4e00\u89d2\uff0c\u7531\u4e0a\u8ff0\u53ef\u77e5\u9019\u4e9b\u653b\u64ca\u5c0d\u4f7f\u7528\u8005\u7684\u5a01\u8105\u975e\u5e38\u9ad8\u9700\u8981\u5927\u5bb6\u610f\u8b58\u5230\u4e14\u505a\u597d\u9632\u7bc4\u63aa\u65bd\u624d\u53ef\u4ee5\u907f\u514d\u5f8c\u7e8c\u9020\u6210\u7684\u56b4\u91cd\u5f71\u97ff\u3002<\/li>\n<\/ul>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l9wklrnf-f4cfbaf0e9552ba9bed778b20226176d\">\n#top .av-special-heading.av-l9wklrnf-f4cfbaf0e9552ba9bed778b20226176d{\nmargin:3% 0 -3% 0;\npadding-bottom:10px;\n}\nbody .av-special-heading.av-l9wklrnf-f4cfbaf0e9552ba9bed778b20226176d .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-l9wklrnf-f4cfbaf0e9552ba9bed778b20226176d .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-l9wklrnf-f4cfbaf0e9552ba9bed778b20226176d av-special-heading-h3 blockquote modern-quote  avia-builder-el-12  el_after_av_textblock  el_before_av_textblock '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >\u7d50\u8a9e<\/h3><div class=\"special-heading-border\"><div 
class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-l6lub1bh-bfa9fc175dabf1060e5e29fca6b1e20c'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>\u6211\u5011\u5f9e<a href=\"https:\/\/zeroday.hitcon.org\/\"> HITCON ZeroDay \u6f0f\u6d1e\u901a\u5831\u5e73\u53f0<\/a>\u7576\u4e2d\u53ef\u67e5\u770b\u904e\u5f80\u5df2\u63ed\u767c\u6f0f\u6d1e\u7684\u5e73\u53f0\uff0c\u7d93\u904e\u7be9\u9078 XSS \u985e\u578b\u88e1\u9762\u53ef\u4ee5\u767c\u73fe\u975e\u5e38\u591a\u7684\u516c\u53f8\u4f01\u696d\u751a\u81f3\u6559\u80b2\u5b78\u754c\u3001\u57fa\u91d1\u6703\u7b49\u7b49\u8af8\u591a\u7d44\u7e54\u7684\u7cfb\u7d71\u7686\u6709\u88ab\u63ed\u9732\u904e\u6b64\u985e\u578b\u5f31\u9ede\uff0c\u5176\u4e2d\u5305\u62ec\u528d\u6e56\u5c71\u3001\u5168\u5bb6\u8207\u53f0\u7063\u5927\u5b78\u7b49\u7b49\uff0c\u53e6\u5916\u5f9e\u5168\u7403\u5177\u6709\u6307\u6a19\u6027\u7684\u958b\u653e\u5f0f\u7db2\u9801\u61c9\u7528\u7a0b\u5f0f\u5b89\u5168\u5c08\u6848 (OWASP) \u57fa\u91d1\u6703\u5c0d XSS \u5f31\u9ede\u5217\u70ba\u524d\u5341\u5927\u8cc7\u5b89\u554f\u984c\u4e2d\u4e4b\u7b2c\u4e09\u540d\uff0c\u53ef\u77e5\u9019\u6a23\u7684\u653b\u64ca\u5df2\u7d93\u6dea\u70ba\u5e38\u614b\uff0c\u4e5f\u662f\u5f88\u5e38\u898b\u4e14\u5bb9\u6613\u88ab\u5229\u7528\u7684\u5f31\u9ede\u4e4b\u4e00\uff0c\u56e0\u6b64\u958b\u767c\u6642\u9700\u66f4\u52a0\u6ce8\u610f\u6b64\u985e\u578b\u9020\u6210\u7684\u5371\u5bb3\u3002<\/p>\n<\/div><\/section><br \/>\n<div  class='hr av-2aa2pt-5897eb3c7299b904e1b029ad623a8eb3 hr-default  avia-builder-el-14  el_after_av_textblock  el_before_av_heading '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l9wkdg1o-3317629b71ff8ea921baad761f52b147\">\n#top .av-special-heading.av-l9wkdg1o-3317629b71ff8ea921baad761f52b147{\nmargin:3% 0 -3% 
0;\npadding-bottom:10px;\n}\nbody .av-special-heading.av-l9wkdg1o-3317629b71ff8ea921baad761f52b147 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-l9wkdg1o-3317629b71ff8ea921baad761f52b147 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-l9wkdg1o-3317629b71ff8ea921baad761f52b147 av-special-heading-h3 blockquote modern-quote  avia-builder-el-15  el_after_av_hr  el_before_av_textblock '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >\u60f3\u4e86\u89e3\u7db2\u9801\u662f\u5426\u5b58\u6709XSS\u653b\u64ca\u6f0f\u6d1e?<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-l6lub1bh-bfa9fc175dabf1060e5e29fca6b1e20c'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>\u4fdd\u83ef\u8cc7\u5b89\u4e4b<a href=\"https:\/\/www.baohwatrust.com\/product\/source-code-analysis\">\u6e90\u78bc\u6aa2\u6e2c<\/a>\u3001<a href=\"https:\/\/www.baohwatrust.com\/product\/penetration-test\">\u6ef2\u900f\u6e2c\u8a66<\/a>\u3001<a href=\"https:\/\/www.baohwatrust.com\/product\/web-vulnerability-test\">\u7db2\u9801\u5f31\u9ede\u6383\u63cf<\/a>\u7b493\u9805\u8cc7\u5b89\u6aa2\u6e2c\u670d\u52d9\u53ef\u4ee5\u5354\u52a9\u4f01\u696d\u6aa2\u8996\u7db2\u9801\u662f\u5426\u5b58\u6709XSS\u653b\u64ca\u4e4b\u8cc7\u5b89\u5a01\u8105\uff0c\u6709\u76f8\u95dc\u9700\u6c42\u6b61\u8fce\u8207\u6211\u5011\u806f\u7d61!<br \/>\n\u9023\u7d61\u96fb\u8a71:2557-3966<br \/>\n\u4fe1\u7bb1:service@baohwa4trust4.com<\/p>\n<p>(\u5716\u7247\u4f86\u6e90:\u00a0https:\/\/www.pexels.com\/zh-tw\/photo\/38275\/)<\/p>\n<\/div><\/section><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u8de8\u7ad9\u8173\u672c\u653b\u64ca (Cross-Site Scripting, 
XSS)\uff0c\u662f\u4e00\u7a2e\u6ce8\u5165\u578b\u7684\u653b\u64ca\u578b\u614b\u3002\u7576\u5b58\u5728\u9019\u985e\u578b\u5f31\u9ede\uff0c\u5c07\u53ef\u4ee5\u4f7f\u5f97\u4efb\u610f JavaScript \u7a0b\u5f0f\u78bc\u63d2\u5165\u5230\u7db2\u7ad9\u9801\u9762\u4e2d\u57f7\u884c\u4ee5\u9054\u5230\u653b\u64ca\u76ee\u7684\u3002\u95b1\u8b80\u66f4\u591a&#8230;<\/p>\n","protected":false},"author":2,"featured_media":9813,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[136],"tags":[127,128,129,130,131,132,133,134,135],"class_list":["post-10018","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technical-article","tag-iec62443-en-2","tag-iso27001-en-2","tag-cultivate-cybersecurity-awareness","tag-industrial-control-system-cybersecurity","tag-strengthen-enterprise-cybersecurity-foundation","tag-manufacturing-cybersecurity","tag-information-security-system","tag-information-security-system-governance","tag--en"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/posts\/10018","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/comments?post=10018"}],"version-history":[{"count":0,"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/posts\/10018\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/media\/9813"}],"wp:attachment
":[{"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/media?parent=10018"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/categories?post=10018"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.baohwatrust.com\/en\/wp-json\/wp\/v2\/tags?post=10018"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}