Cross-site scripting (XSS): a simple example to show what an XSS attack is

https://blog.csdn.net/Ideality_hunter/article/details/80621138

https://www.cnblogs.com/unclekeith/p/7750681.html

 

7) HttpOnly: if the "HttpOnly" attribute is set on a cookie, client-side programs (JavaScript, applets, etc.) cannot read the cookie's contents.

Setting HttpOnly directly as a cookie attribute

https://blog.csdn.net/jinming1109/article/details/80281380

1. Configure the filter in web.xml
 <-! Cookie attribute HttpOnly Add ->
    <filter>
        <filter-name> CookieFilter </ filter-name>
        <filter-class> directory .CookieFilter </ filter- class>
    </ filter> 
    <filter-Mapping>
        <filter-name> CookieFilter </ filter-name>
        <URL-pattern> / * </ URL-pattern>
    </ filter-Mapping>

2. Java file

import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


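/**
 * Servlet filter that re-issues the incoming JSESSIONID cookie with the
 * {@code HttpOnly} attribute (and {@code Secure} when the request came over HTTPS).
 *
 * <p>Servlet 2.5 has no {@code Cookie.setHttpOnly}, so the {@code Set-Cookie}
 * header is written by hand. The header is added before the rest of the chain
 * runs, as in the original version of this filter.
 */
public class CookieFilter implements Filter {

    /** Name of the session cookie this filter rewrites. */
    private static final String SESSION_COOKIE_NAME = "JSESSIONID";

    /** Lifetime given to the re-issued cookie, in hours. */
    private static final int COOKIE_LIFETIME_HOURS = 1;

    /**
     * Re-issues the session cookie with HttpOnly (and Secure on HTTPS), then
     * continues the filter chain.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response; must be an {@link HttpServletResponse}
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Look the session cookie up by name: cookies[0] (the old code) is
        // whichever cookie the browser happened to send first, not JSESSIONID.
        Cookie sessionCookie = findCookie(req.getCookies(), SESSION_COOKIE_NAME);

        // The value comes from the client. Only echo it into a response header
        // when it is a syntactically valid cookie-value; otherwise leave the
        // container's own cookie handling alone.
        if (sessionCookie != null && isValidCookieValue(sessionCookie.getValue())) {
            String header = buildSetCookieHeader(sessionCookie.getValue(), cookiePath(req), req.isSecure());
            // addHeader rather than setHeader so any Set-Cookie already on the
            // response is not silently discarded.
            resp.addHeader("Set-Cookie", header);
        }
        chain.doFilter(req, resp);
    }

    /** Returns the first cookie named {@code name}, or {@code null} when there is none. */
    private static Cookie findCookie(Cookie[] cookies, String name) {
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie != null && name.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Path attribute for the re-issued cookie: the web application's context
     * path, or "/" for the root context. Without an explicit Path the browser
     * scopes the cookie to the current request's directory, which creates a
     * second JSESSIONID cookie instead of replacing the container's.
     *
     * @param req the current request
     * @return the value for the {@code Path=} attribute, never empty
     */
    private static String cookiePath(HttpServletRequest req) {
        String contextPath = req.getContextPath();
        return (contextPath == null || contextPath.length() == 0) ? "/" : contextPath;
    }

    /**
     * Checks that {@code value} consists only of RFC 6265 cookie-octets:
     * printable US-ASCII excluding control characters, space, double quote,
     * comma, semicolon and backslash.
     *
     * @param value candidate cookie value, may be {@code null}
     * @return {@code true} when the value is safe to place in a Set-Cookie header
     */
    static boolean isValidCookieValue(String value) {
        if (value == null || value.length() == 0) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c <= 0x20 || c >= 0x7F || c == '"' || c == ',' || c == ';' || c == '\\') {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds the Set-Cookie header value.
     *
     * <p>Expires is formatted as an RFC 1123 date in GMT, the form browsers
     * parse; the previous "dd-MM-yyyy HH:mm:ss" in Locale.CHINA is not a valid
     * cookie date, so the attribute was ignored.
     *
     * @param value  the (already validated) cookie value
     * @param path   the {@code Path=} attribute
     * @param secure whether to add the {@code Secure} attribute
     * @return the complete header value
     */
    static String buildSetCookieHeader(String value, String path, boolean secure) {
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.HOUR, COOKIE_LIFETIME_HOURS);
        Date expires = cal.getTime();
        SimpleDateFormat sdf = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.US);
        sdf.setTimeZone(TimeZone.getTimeZone("GMT"));

        StringBuilder header = new StringBuilder();
        header.append(SESSION_COOKIE_NAME).append('=').append(value).append("; ");
        header.append("Path=").append(path).append("; ");
        // Secure only over HTTPS: a Secure cookie set over plain HTTP is
        // discarded by the browser, which would silently drop the session.
        if (secure) {
            header.append("Secure; ");
        }
        header.append("HttpOnly; ");
        header.append("Expires=").append(sdf.format(expires));
        return header.toString();
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * No configuration is read.
     *
     * @param filterConfig the filter configuration, unused
     * @throws ServletException never
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}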
--------------------- 
Author: Tsai Ming souls
Source: CSDN 
Original: https://blog.csdn.net/jinming1109/article/details/80281380
Disclaimer: This article is the blogger's original work; if you reproduce it, please include a link to the original post.


Origin blog.csdn.net/didixiao_/article/details/92097691