Solving XSS problems

Cross-site scripting (commonly abbreviated as XSS) is a security vulnerability in web applications and a form of code injection. It allows a malicious user to inject code into a web page, and other users are affected when they view that page. Such attacks usually involve HTML and client-side scripting languages.

An XSS attack usually exploits a vulnerability left in a web page during development: the attacker injects malicious code into the page so that users load and execute a web program crafted by the attacker. These malicious programs are usually JavaScript, but may also include Java, VBScript, ActiveX, Flash or even plain HTML. After a successful attack, the attacker may obtain elevated privileges (such as the ability to perform some operations), private web page content, sessions, cookies and other content.

Create a new JS file:

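export default {
  // Escape the characters that are significant in HTML so the value renders as text.
  escapeHtml(value) {
    // Non-string values (numbers, null, objects) are returned unchanged.
    if (typeof value !== 'string') {
      return value;
    }
    // Replace each special character with its HTML entity.
    return value.replace(/[&<>`"'\/]/g, function(result) {
      return {
        '&': '&amp;',
        '<': '&lt;',
        '>': '&gt;',
        '`': '&#x60;',
        '"': '&quot;',
        "'": '&#x27;',
        '/': '&#x2f;'
      }[result];
    });
  }
};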

Pass any parameter that could cause an XSS vulnerability through this method and use the value it returns.
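
This escaping covers HTML text and quoted attribute values, but a value written into an `href` can carry a script-capable URL scheme without containing any of the escaped characters. The following is an added example, not code from the original post: `safeHref` and `renderComment` are hypothetical names, the allowed schemes are an assumption, and the inputs in the test are constructed.

```javascript
// Added example: the page's entity map, plus a scheme allow-list for href values.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '`': '&#x60;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2f;'
};

function escapeHtml(value) {
  if (typeof value !== 'string') {
    return value;
  }
  return value.replace(/[&<>`"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumption: only these schemes are legitimate for user-supplied links.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

// Hypothetical helper: returns an attribute-safe href, or '#' if the scheme is not allowed.
function safeHref(value) {
  if (typeof value !== 'string') {
    return '#';
  }
  // Browsers ignore tabs, newlines and leading control characters when
  // parsing a URL scheme, so strip them before looking at the scheme.
  const cleaned = value.replace(/[\u0000-\u0020\u007f]/g, '');
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (match && !ALLOWED_SCHEMES.includes(match[1].toLowerCase())) {
    return '#';
  }
  // Relative URLs and allowed schemes are still entity-escaped for the attribute.
  return escapeHtml(value);
}

// Hypothetical renderer: every untrusted value is escaped for the context it lands in.
function renderComment(author, text, link) {
  return '<p><a href="' + safeHref(link) + '">' + escapeHtml(author) +
    '</a>: ' + escapeHtml(text) + '</p>';
}
```

The browser decodes `&#x2f;` back to `/` inside the attribute value, so allowed links still work after escaping.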

Vulnerability defense and exploitation: https://zh.wikipedia.org/wiki/%E8%B7%A8%E7%B6%B2%E7%AB%99%E6%8C%87%E4%BB%A4%E7%A2%BC


Origin blog.csdn.net/weixin_33738578/article/details/91002929