http://liuzidong.iteye.com/blog/1744023

參考資料?
1 跨網(wǎng)站腳本?http://zh.wikipedia.org/wiki/XSS?
2?http://code.google.com/p/xssprotect/?
一 跨網(wǎng)站腳本介紹?
???? 跨網(wǎng)站腳本（Cross-site scripting，通常簡(jiǎn)稱為XSS或跨站腳本或跨站腳本攻擊）是一種網(wǎng)站應(yīng)用程序的安全漏洞攻擊，是代碼注入的一種。它允許惡意用戶將代碼注入到網(wǎng)頁(yè)上，其他用戶在觀看網(wǎng)頁(yè)時(shí)就會(huì)受到影響。這類攻擊通常包含了HTML以及用戶端腳本語(yǔ)言。?
XSS攻擊通常指的是通過(guò)利用網(wǎng)頁(yè)開(kāi)發(fā)時(shí)留下的漏洞，通過(guò)巧妙的方法注入惡意指令代碼到網(wǎng)頁(yè)，使用戶加載并執(zhí)行攻擊者惡意制造的網(wǎng)頁(yè)程序。這些惡意網(wǎng)頁(yè)程序通常是JavaScript，但實(shí)際上也可以包括Java， VBScript， ActiveX， Flash 或者甚至是普通的HTML。攻擊成功后，攻擊者可能得到包括但不限于更高的權(quán)限（如執(zhí)行一些操作）、私密網(wǎng)頁(yè)內(nèi)容、會(huì)話和cookie等各種內(nèi)容。?
二 常用的XSS攻擊手段和目的?
? 盜用 cookie ，獲取敏感信息。?
利用植入 Flash ，通過(guò) crossdomain 權(quán)限設(shè)置進(jìn)一步獲取更高權(quán)限；或者利用Java等得到類似的操作。?
利用 iframe、frame、XMLHttpRequest或上述Flash等方式，以（被攻擊）用戶的身份執(zhí)行一些管理動(dòng)作，或執(zhí)行一些一般的如發(fā)微博、加好友、發(fā)私信等操作。?
? 利用可被攻擊的域受到其他域信任的特點(diǎn)，以受信任來(lái)源的身份請(qǐng)求一些平時(shí)不允許的操作，如進(jìn)行不當(dāng)?shù)耐镀被顒?dòng)。?
? 在訪問(wèn)量極大的一些頁(yè)面上的XSS可以攻擊一些小型網(wǎng)站，實(shí)現(xiàn)DDoS攻擊的效果。?
三 漏洞的防御和利用?
避免XSS的方法之一主要是將用戶所提供的內(nèi)容進(jìn)行過(guò)濾，許多語(yǔ)言都有提供對(duì)HTML的過(guò)濾：?

??? PHP的htmlentities()或是htmlspecialchars()。?
??? Python的cgi.escape()。?
??? ASP的Server.HTMLEncode()。?
??? ASP.NET的Server.HtmlEncode()或功能更強(qiáng)的Microsoft Anti-Cross Site Scripting Library?
??? Java的xssprotect(Open Source Library)。?
??? Node.js的node-validator。?
四 xssprotect?
在Eclipse中通過(guò)svn檢出項(xiàng)目源地址：http://xssprotect.googlecode.com/svn/trunk/如下圖?
?
通用使用方式：http://code.google.com/p/xssprotect/wiki/HowTouse?

Java代碼??

package?com.xss.example;??

??

import?java.io.IOException;??

import?java.io.StringReader;??

import?java.io.StringWriter;??

??

import?com.blogspot.radialmind.html.HTMLParser;??

import?com.blogspot.radialmind.html.HandlingException;??

import?com.blogspot.radialmind.xss.XSSFilter;??

??

public?class?XSSTest?{??

??

????public?static?void?main(String[]?args)?{??

????????String?html?=?"<html><head>?<title>?New?Document?</title>?"?+??

????????????????"<script?type='text/javascript'>??alert('dddd');???</script>?"?+??

????????????????"</head>?<body>"?+??

????????????????"222?<iframe??src='www.google.com'/>??1111"?+??

????????????????"<embed?></embed>"?+??

????????????????"<link>ddd</link>"?+??

????????????????"</body></html>";??

????????String?v?=?protectAgainstXSS(html);??

????????System.out.println(v);??

??

????}??

??????

????public?static?String?protectAgainstXSS(?String?html?)?{??

????????StringReader?reader?=?new?StringReader(?html?);??

????????StringWriter?writer?=?new?StringWriter();??

????????String?text?=?null;??

????????try?{??

????????????//?Parse?incoming?string?from?the?"html"?variable??

????????????HTMLParser.process(?reader,?writer,?new?XSSFilter(),?true?);??

????????????//?Return?the?parsed?and?cleaned?up?string??

????????????text?=??writer.toString();??

????????}?catch?(HandlingException?e)?{??

????????????//?Handle?the?error?here?in?accordance?with?your?coding?policies...??

????????}finally{??

????????????try?{??

????????????????writer.close();??

????????????????reader.close();??

????????????}?catch?(IOException?e)?{?????????????????

????????????????e.printStackTrace();??

????????????}?????????????

????????}??

????????return?text;??

????}??

}??

在它的源代碼中有二個(gè)類需要關(guān)注下：?
BaseTestCase.java?
Java代碼??

public?abstract?class?BaseTestCase?extends?TestCase?{??

????protected?void?testExecute(?String?html,?String?result?)?{??

????????StringReader?reader?=?new?StringReader(?html?);??

????????StringWriter?writer?=?new?StringWriter();??

??????????

????????try?{??

????????????HTMLParser.process(?reader,?writer,?new?XSSFilter(),?true?);??

????????????String?buffer?=?new?String(?writer.toString()?);??

????????????System.out.println(?buffer?);??

????????????assertEquals(?result,?buffer?);??

????????}?catch?(HandlingException?e)?{??

????????????e.printStackTrace();??

????????????fail(?e.getMessage()?);??

????????}??

????}??

}??

XSSFilter.java?
Java代碼??

/**?

?*?Copyright?2008?Gerard?Toonstra?

?*?

?*?As?an?exception,?this?particular?file??

?*?in?the?project?is?public?domain?to?allow?totally?

?*?free?derivations?of?this?code.?

?*??

?*/??

??

package?com.blogspot.radialmind.xss;??

??

import?java.util.HashSet;??

import?java.util.Set;??

??

import?com.blogspot.radialmind.html.IHTMLFilter;??

??

/**?

?*?Implementation?of?a?relatively?simple?XSS?filter.?This?implementation?removes?

?*?dangerous?tags?and?attributes?from?tags.?It?does?not?verify?the?validity?of??

?*?URL's?(that?may?contain?links?to?JavaScript?for?example).?It?does?not?remove?all?

?*?event?handlers?that?may?still?contain?XSS?vulnerabilities.??

?*??

?*?Embedded?objects?are?removed?because?those?may?contain?XSS?vulnerabilities?in??

?*?their?own?scripting?language?(ActionScript?for?Flash?for?example).?

?*??

?*?Feel?free?to?derive?your?own?implementation?from?this?file.?

?*??

?*?@author?gt?

?*?

?*/??

public?class?XSSFilter?implements?IHTMLFilter?{??

??????

????private?static?final?Set<String>?FORBIDDEN_TAGS?=?new?HashSet<String>();??

??????

????//?The?tags?to?be?removed.?Case?insensitive?of?course.??

????static?{??

????????FORBIDDEN_TAGS.add(?"script"?);??

????????FORBIDDEN_TAGS.add(?"embed"?);??

????????FORBIDDEN_TAGS.add(?"object"?);??

????????FORBIDDEN_TAGS.add(?"layer"?);??

????????FORBIDDEN_TAGS.add(?"style"?);??

????????FORBIDDEN_TAGS.add(?"meta"?);??

????????FORBIDDEN_TAGS.add(?"iframe"?);??

????????FORBIDDEN_TAGS.add(?"frame"?);??

????????FORBIDDEN_TAGS.add(?"link"?);??

????????FORBIDDEN_TAGS.add(?"import"?);??

????????FORBIDDEN_TAGS.add(?"xml"?);??

????}??

??????

????/**?

?????*?This?function?is?called?to?determine?if?an?attribute?should?be?filtered?or?not.?

?????*??

?????*?@param?tagName???The?name?of?the?tag?the?attribute?belongs?to?

?????*?@param?attrName??The?name?of?the?attribute?to?be?filtered?

?????*?@param?attrValue?The?value?of?the?attribute?

?????*/??

????public?boolean?filterAttribute(String?tagName,?String?attrName,?String?attrValue)?{??

????????if?(?attrName.toLowerCase().startsWith(?"on"?))?{??

????????????return?true;??

????????}??

??????????

????????return?isScriptedAttributeValue(?attrValue?);??

????}??

??

????/**?

?????*??This?method?is?called?to?determine?if?a?tag?should?be?filtered?

?????*??

?????*?@param?tagName???The?name?of?the?tag?that?was?parsed?

?????*/??

????public?boolean?filterTag(String?tagName)?{??

????????if?(?FORBIDDEN_TAGS.contains(?tagName?))?{??

????????????return?true;??

????????}??

????????return?false;??

????}??

??

????/**?

?????*?This?method?is?called?to?modify?attribute?values,?if?required?

?????*??

?????*?@param?tagName???The?name?of?the?tag?the?attribute?belongs?to?

?????*?@param?attrName??The?name?of?the?attribute?within?the?tag?

?????*?@param?attrValue?????The?value?of?the?attribute?

?????*/??

????public?String?modifyAttributeValue(String?tagName,?String?attrName,?String?attrValue)?{??

????????return?attrValue;??

????}??

??

????/**?

?????*?This?method?is?called?to?be?able?to?modify?the?text?of?a?node.?

?????*??

?????*?@param?tagName???The?name?of?the?tag?where?the?text?is?part?of.?

?????*?@param?text??????The?value?of?the?text?within?the?tagnode?(within?<tag>...</tag>)?

?????*/??

????public?String?modifyNodeText(String?tagName,?String?text)?{??

????????return?text;??

????}??

??????

????/**?

?????*?Private?method?that?determines?if?an?attribute?value?is?scripted?

?????*?(potentially?loaded?with?an?XSS?attack?vector).?

?????*??

?????*?@param?attrValue?The?value?of?the?attribute?

?????*?@return?"true"?if?the?attribute?is?scripted.?"false"?if?not.?

?????*/??

????private?boolean?isScriptedAttributeValue(?String?attrValue?)?{??

????????attrValue?=?decode(?attrValue?);??

????????attrValue?=?attrValue.trim().toLowerCase();??

??

????????if?(?attrValue.contains(?"javascript:"?))?{??

????????????return?true;??

????????}??

????????if?(?attrValue.contains(?"mocha:"?))?{??

????????????return?true;??

????????}??

????????if?(?attrValue.contains(?"eval"?))?{??

????????????return?true;??

????????}??

????????if?(?attrValue.contains(?"vbscript:"?))?{??

????????????return?true;??

????????}??

????????if?(?attrValue.contains(?"livescript:"?))?{??

????????????return?true;??

????????}??

????????if?(?attrValue.contains(?"expression("?))?{??

????????????return?true;??

????????}??

????????if?(?attrValue.contains(?"url("?))?{??

????????????return?true;??

????????}??

????????if?(?attrValue.contains(?"&{"?))?{??

????????????return?true;??

????????}??

????????if?(?attrValue.contains(?"&#"?))?{??

????????????return?true;??

????????}??

????????return?false;??

????}??

??????

????/**?

?????*?Private?method?to?remove?control?characters?from?the?value?

?????*??

?????*?@param?value?The?value?being?modified?

?????*?@return??The?value?free?from?control?characters?

?????*/??

????private?String?decode(?String?value?)?{??

????????value?=?value.replace("\u0000",?""?);??

????????value?=?value.replace("\u0001",?""?);??

????????value?=?value.replace("\u0002",?""?);??

????????value?=?value.replace("\u0003",?""?);??

????????value?=?value.replace("\u0004",?""?);??

????????value?=?value.replace("\u0005",?""?);??

????????value?=?value.replace("\u0006",?""?);??

????????value?=?value.replace("\u0007",?""?);??

????????value?=?value.replace("\u0008",?""?);??

????????value?=?value.replace("\u0009",?""?);??

????????value?=?value.replace("\n",?""?);??

????????value?=?value.replace("\u000B",?""?);??

????????value?=?value.replace("\u000C",?""?);??

????????value?=?value.replace("\r",?""?);??

????????value?=?value.replace("\u000E",?""?);??

????????value?=?value.replace("\u000F",?""?);??

????????value?=?value.replace("\u0010",?""?);??

????????value?=?value.replace("\u0011",?""?);??

????????value?=?value.replace("\u0012",?""?);??

????????value?=?value.replace("\u0013",?""?);??

????????value?=?value.replace("\u0014",?""?);??

????????value?=?value.replace("\u0015",?""?);??

????????value?=?value.replace("\u0016",?""?);??

????????value?=?value.replace("\u0017",?""?);??

????????value?=?value.replace("\u0018",?""?);??

????????value?=?value.replace("\u0019",?""?);??

????????value?=?value.replace("\u001A",?""?);??

????????value?=?value.replace("\u001B",?""?);??

????????value?=?value.replace("\u001C",?""?);??

????????value?=?value.replace("\u001D",?""?);??

????????value?=?value.replace("\u001E",?""?);??

????????value?=?value.replace("\u001F",?""?);??

????????return?value;??

????}??

}??

通過(guò)這個(gè)過(guò)濾就知道它要做什么了 ?
上傳包吧，方便

與50位技術(shù)專家面對(duì)面20年技術(shù)見(jiàn)證，附贈(zèng)技術(shù)全景圖

總結(jié)

以上是生活随笔為你收集整理的XSS之xssprotect的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。