How to prevent XSS attacks by cookies on the front end

Others 2021-03-07 05:43:23 views: null

XSS is a cross-site scripting attack, in which the attacker embeds JavaScript scripts in the returned HTML.

Prevent XSS attacks

Configure on the HTTP header, set-cookie
has two attributes to prevent XSS attacks

  • httponly-: This attribute can prohibit JavaScript from accessing cookies, so it can protect cookies from being acquired by embedded malicious code.
  • secure -: This attribute tells the client browser to send cookies only when requested on https

Such as:

response.setHeader("Set-Cookie", "cookiename=httponlyTest;Path=/;Domain=domainvalue;Max-Age=seconds;HTTPOnly");

Guess you like

Origin blog.csdn.net/qq_43263320/article/details/114413239
Recommended
Linus is the most active in "eating dog food"!
Ranking
Share good programmer web front-end array and sorting, de-duplication and random roll call
Compilation error caused by cv_bridge and python version problems error: return-statement with no value, in function returning'void*' [-fpe
魔众帮助中心系统 v3.1.0 首页切换器,界面优化
Die beim Millimeterwellenradar-Integrationstest aufgetretene Grube (Multiprozessbindung an einen UDP-Port verursacht Probleme)
How to suppress the "requires transitive directive for an automatic module" warning properly?
LeetCode-1743. Restore the Array From Adjacent Pairs-Analysis and Code (Java)
Summer 2019 Summer soft essay 7 workers
Python中Assert断言的使用语法和例子
LeetCode one question per day (2021-2-3 sliding window median)
Fairchild, the ancestor of semiconductors, the legend of the first trillion-dollar start-up
Daily
More
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)

Code World

© 2018 codetd.com